Close

Privacy Notice

Introduction

Black Sun Plc ("Black Sun", "we", "us", or "our") is strongly committed to protecting Personal Data. This notice describes why and how we collect and use Personal Data and provides information about individual's rights.

It applies to Personal Data provided to us, both by individuals themselves or by others. We may use Personal Data provided to us for any of the purposes described in this Privacy Notice or as otherwise stated at the point of collection.

Personal Data is any information relating to an identified or identifiable living person. Black Sun processes Personal Data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using Personal Data, our Notice is to be transparent about why and how we process Personal Data. To find out more about our specific processing activities, please go to the relevant sections of this notice.

Security

We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards and our information security management system relating to confidential data is independently certified as complying with the requirements of ISO/IEC 27001:2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

Purposes of Processing

We will only collect and/or process your Personal Data in accordance with applicable data protection and privacy laws.

In the majority of cases, we process your Personal Data for all of the purposes identified below on the basis that it is in our legitimate interests (for example, to allow us to provide you with our services; to monitor, analyse and improve our services), or the legitimate interests of third parties with whom we share your data, to carry out these activities.

Some of our processing is necessary for compliance with legal obligations (for example, for security and fraud prevention).

Where we cannot rely on another legal basis (for example, in respect of the use of your Personal Data for email marketing purposes) we process this on the basis that we have obtained your consent to do so.


1.       Visitors to our websites

Collection of Personal Data

Visitors to our websites are generally in control of the Personal Data shared with us. We receive Personal Data, such as name, title, company address, email address, and telephone numbers, from websites’ visitors; for example when an individual subscribes to updates from us, registers for an event, or requests research materials. Visitors are also able to send an email to us through our websites. Their messages will contain the user’s name and email address, as well as any additional information the user may wish to include in the message.

Cookies

We use small text files called ‘cookies’ which are placed on your hard drives to assist in personalising and enriching your browsing experience by displaying content that is more likely to be relevant and of interest to you. The use of cookies is now standard operating procedure for most websites. However if you are uncomfortable with the use of cookies, most browsers now permit users to opt-out of receiving them. You need to accept cookies in order register on our websites. You may find other functionality in the website impaired if you disable cookies. After termination of the visit to our websites, you can always delete the cookie from your system if you wish. You can find out more details regarding our use of cookies on our Cookies page.

Use of Personal Data

When a visitor provides Personal Data to us, we will use it for the purposes for which it was provided to us as stated at point of collection (or as obvious from the context of the collection). Typically, Personal Data is collected to:

-          evaluate your registration or application for our products and services;

-          deliver the services you request, manage your account, or to communicate with you regarding your account;

-          send you our newsletters or research materials when you have expressly consented to this;

-          personalise your repeat visits to our websites;

-          register for events;

-          subscribe to updates;

-          administer and manage our websites, including confirming and authenticating identity and preventing
           unauthorised access to restricted areas, or services limited to registered users;

-          aggregate data for website analytics and improvements;

-          monitor and enforce compliance with our terms and conditions for use of our websites; and

-          as we believe necessary or appropriate to comply with legal requirements.

Third Party Websites

Our websites may contain links to third party websites and features. This Notice does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any data to them. For example, we may link to social media pages through widgets, or we may provide links to industry reports.

Data retention

Personal Data collected via our websites will be retained by us for as long as it is necessary (e.g. for as long as we have a relationship with the relevant individual). Once the period above has concluded, we will either:

-          permanently delete or destroy the relevant Personal Data;

-          archive your Personal Data so that it is beyond use; or

-          anonymise the relevant Personal Data.


2.       Visitors to our offices

We have security measures in place at our offices, including sign in procedures and building access controls. We require visitors to our offices to sign in at reception and keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to look into an incident). Once the period above has concluded, we will permanently destroy the relevant Personal Data;


3.       Business contacts

Collection of Personal Data

Black Sun processes Personal Data about contacts (existing and potential Black Sun clients and/or individuals associated with them) using a customer relationship management system (the “Black Sun CRM”).

The collection of Personal Data about contacts and the addition of that Personal Data to the Black Sun CRM is initiated by a Black Sun user and will include name, employer name, contact title, phone, email and other business contact details. In addition, the Black Sun CRM may collect data from Black Sun email (sender name, recipient name, date and time) and calendar (organiser name, participant name, date and time of event) systems concerning interactions between Black Sun users and contacts or third parties.

Use of Personal Data

Personal Data relating to business contacts may be visible to and used by Black Sun users to learn more about an account, client or opportunity they have an interest in, and may be used for the following purposes:

-          administering, managing and developing our businesses and services;

-          providing information about us and our range of services;

-          making contact information available to Black Sun users;

-          identifying clients/contacts with similar needs;

-          describing the nature of a contact’s relationship with Black Sun;

-          with your consent, to send you marketing e-mails about upcoming promotions, newsletters, new products,
           services, webinars, events and other news. You may opt-out of receiving such information at any time:
           such marketing emails tell you how to “opt-out,” Please note, even if you opt out of receiving marketing emails,
           we may still send you non-marketing emails. Non-marketing emails include emails about your account with us
           (if you have one) and our business dealings with you; and

-          performing analytics, including producing metrics for Black Sun leadership, such as on trends, relationship maps,
           sales intelligence and progress against account business goals.

Black Sun does not sell or otherwise release Personal Data contained in the Black Sun CRM to third parties for the purpose of allowing them to market their products and services without consent from individuals to do so.

Data retention

Personal Data will be retained on the Black Sun CRM for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a business contact). Once the period above has concluded, we will either:

-          permanently delete or destroy the relevant Personal Data;

-          archive your Personal Data so that it is beyond use; or

-          anonymise the relevant Personal Data.


4.       Suppliers

Collection of Personal Data

We collect and process Personal Data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients.

Use of Personal Data

We use Personal Data for the following purposes:

-          receiving services;

-          providing professional services to clients;

-          administering, managing and developing our businesses and services;

-          security, quality and risk management activities;

-          providing information about us and our range of services; and

-          as we believe necessary or appropriate to comply with legal requirements.

Data retention

We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Personal Data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights. Once the period above has concluded, we will either:

-          permanently delete or destroy the relevant Personal Data;

-          archive your Personal Data so that it is beyond use; or

-          anonymise the relevant Personal Data.


5.       Recruitment Applicants

Collection of Personal Data

When applying online for jobs at Black Sun, any Personal Data provided by you to us will only be used to facilitate the transfer of information for recruitment purposes.

We usually collect Personal Data directly from you when you apply for a role with us, such as your name, address, contact information, work and educational history, achievements, desired salary expectations, and test results.

Use of Personal Data

We use Personal Data for the following purposes:

-          identifying and evaluating candidates for potential employment, as well as for future roles that may become
           available;

-          recordkeeping in relation to recruiting and hiring;

-          ensuring compliance with legal requirements, including diversity and inclusion requirements and practices; or

-          protecting our legal rights to the extent authorised or permitted by law.

We may also analyse your Personal Data to improve our recruitment and hiring process and augment our ability to attract successful candidates.

We process your Personal Data for the purposes described above when:

-          we have your consent to do so;

-          necessary to enter into an employment contract with you;

-          necessary for us to comply with a legal obligation; or

-          necessary for the purposes of our legitimate interests.

Data retention

We retain job applications for a period of 12 months, however we may desire to retain your personal data to consider you for future employment opportunities. In such an event, we will seek your consent, either prior to or after you formally apply for a job opportunity, to be part of one of our recruiting programmes. Once the period above has concluded, we will either:

-          permanently delete or destroy the relevant Personal Data;

-          archive your Personal Data so that it is beyond use; or

-          anonymise the relevant Personal Data.

If you submit your application for one of our roles, but subsequently wish to withdraw your application, please contact us at jobs@blacksunplc.com.


How we share your Personal Data

Third Parties Designated by You: We may share your Personal Data with third parties where you have provided your consent to do so.

Our Third Party Service Providers: We may share your Personal Data with our third party service providers who provide services such as data analysis, distribution partners, resellers, HR services, information technology and related infrastructure provision (such as Amazon Web Services), customer service, email delivery, auditing and other similar services. These third parties are only permitted to use your Personal Data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your Personal Data.

Corporate Restructuring: We may share Personal Data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.

Other Disclosures: We may share Personal Data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Notice; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.


International Data Transfer

We may be required to transfer your information, including Personal Data that we collect from you, outside the country in which you reside where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. To ensure that your Personal Data receives an adequate level of protection and is treated securely, we will put appropriate safeguards in place to protect the privacy and integrity of such Personal Data.


Individuals’ rights and how to exercise them

Individuals have certain rights over their Personal Data and data controllers are responsible for fulfilling these rights. Where we decide how and why Personal Data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.

Access to Personal Data

You have a right of access to Personal Data held by us as a data controller. This right may be exercised by emailing us at privacy@blacksunplc.com. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits.

Amendment of Personal Data

To update Personal Data submitted to us, you may email us at privacy@blacksunplc.com. When practically possible, once we are informed that any Personal Data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.

Withdrawal of consent

Where we process Personal Data based on consent, individuals have a right to withdraw consent at any time. We do not generally process Personal Data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your Personal Data please email us at privacy@blacksunplc.com or, to stop receiving an email from a Black Sun marketing list, please click on the unsubscribe link in the relevant email received from us.

Other data subject rights

This Privacy Notice is intended to provide information about what Personal Data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the Personal Data we hold, such as a right to erasure/deletion, to restrict or object to our processing of Personal Data and the right to data portability. Some of these rights will only be available from 25 May 2018.

If you wish to exercise any of these rights, please contact us using the details above. In your request, please make clear: (i) what Personal Data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within the legally required time limits. Please note that we may need to retain certain information for recordkeeping purposes, legal purposes and/or to complete any transactions that you began prior to requesting such change or deletion.


Complaints

If you want to complain about our use of Personal Data, please send an email with the details of your complaint to us at privacy@blacksunplc.com. You also have the right to lodge a formal complaint with a data protection authority. For further information, refer to the UK data protection regulator (Information Commissioner’s Office/ICO) website:

https://ico.org.uk/for-the-public/raising-concerns/.


Changes to this Privacy Notice

This Privacy Notice was last updated on 16th May 2018. We recognise that transparency is an ongoing responsibility so we will keep it under regular review. All changes we make will be described on this page. When required by law, we will notify you of any changes.


Black Sun Plc, Registered in England, Registered number: 01557279
Registered office: Fulham Palace, Bishops Avenue, London SW6 6EA