This is the data protection and privacy policy for VMA Strategic Partners (we/us/our) that explains who we are, why and how we process personal information (also referred to here as personal data) and your rights and how to contact us if you need to.
This policy details how we treat personal data in all of our business operations and sets out:
Information we collect about you
How we use your information
Who we give your information to
Where we store your information
Payment processing
How we protect your information
How long we keep your information
Your rights
Changes to this policy
Contact us
Our contact details are set out at the end of this policy. We are the controller in relation to the personal data processed in accordance with this policy (except where this policy explains otherwise).
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Information we collect about you
We may process your personal data if:
You or the company you work for are a client or a supplier of ours.
You or the company you work for have access to our services.
You work for a client or a supplier of ours, or for someone who uses our services.
You are someone (or you work for someone) to whom we want to advertise or market our services.
You are a person of interest to a client of ours which may mean you are:
A prospective employee;
A prospective business partner or employee of a prospective business partner;
A prospective investor or employee of a prospective investor; or
A competitor or employee of a competitor of one of our clients.
Information we collect from you or from a third party
We may process your personal data that we have either obtained from you, or obtained from somewhere else. Personal data which is not collected directly from you may be collected:
From your employer in connection with your job and how it relates to us or one of our clients.
From third parties we work closely with (including, for example, business partners, sub-contractors in technical, payment and delivery services and open source research providers).
Personal data relating to you that we process may include:
Your name.
Who you work for, your job function, career history and professional achievements.
Your address, phone number, email address or other contact details – these details may relate to your work or to you personally, depending on the nature of our relationship (or that of our client) with you or the company that you work for.
Information about you that you give us by communicating with us by post, by phone, by e-mail or otherwise. It includes information you give us or that we obtain when you use our services, supply us with goods or services, enquire about a service, pay for our services, or contact us to report a problem, or do any of these things on behalf of the person that you work for.
Information relating to transactions with us involving you or the company you work for (for example, details of services that we have supplied to, or goods and services that we have obtained from, you or the person you work for).
Other information relating to you which it is necessary for us to process in order to enter into or perform a contract with you or the company you work for (for example, right-to-work information and information obtained from credit reference agencies where this is necessary to enable us to carry out appropriate checks in relation to contracts with you or someone else that you work for or are otherwise related to).
Information about events to which you or your colleagues are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements).
Information relating to you that you give us or we otherwise obtain when you visit us whether at one of our offices or in any other location (for example, if you sign in or are recorded on CCTV while visiting us).
How we use your information
Information you give to us:
We will use this information to:
Take steps in order to enter into any contract or carry out our obligations arising from any contract entered into between you or the company you work for and us including:
supplying services to you or the company you work for or receiving goods or services from you or the company you work for, as the case may be;
administering your/your company’s relationship with us;
verifying and carrying out financial transactions in relation to payments you make in your own capacity or on behalf of your company;
notifying you about changes to our services.
Provide you with information about our services, if you have given your consent to receiving marketing material from us at the point we collected your information, where required by law or otherwise in our legitimate interests provided these interests do not override your right to object to such communications.
Information we receive from other sources
We may combine this information with information you give to us and information we collect about you in our legitimate interests (where we have considered that these are not overridden by your rights). We will use this information and the combined information for the purposes set out above (depending on the types of information we receive) or in order to deliver services to our clients.
You can see a summary of which data we process for what purposes and the lawful basis for such processing in the table.
Who we give your information to
We may share your personal data with:
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy.
Appropriate third parties including:
our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business;
our auditors, legal advisors and other professional advisors or service providers;
Third party agents with whom we work, subject to appropriate confidentiality terms, to obtain and verify reliable information about persons of interest.
Other disclosures we may make
We may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this privacy policy.
If Hakluyt & Company or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply and other agreements with you or the company you work for; or to protect the rights, property, or safety of Hakluyt & Company, our clients, employees or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where we store your information
The data that we process in relation to you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who work for us or for one of our suppliers.
We may transfer your personal information outside the EEA:
In order to store it.
In order to enable us to provide services to and fulfil our contract with you or the company your work for. This includes processing of payment details and the provision of support services.
Where we are legally required to do so.
In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.
Where your information is transferred outside the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism, and that it is treated securely and in accordance with this privacy policy.
Payment processing
Any payment details you provide us will be securely transferred to our banking partners to fulfil agreed payment for services.
How we protect your information
We implement security safeguards designed to protect your data. We regularly monitor our systems for possible vulnerabilities and attacks. We regularly assess the effectiveness of the security mechanisms we have implemented, and make improvements as we deem necessary. However, we cannot warrant the security of any information that you send us.
How long we keep your information
We retain personal data provided to us by you for administrative purposes for as long as you have a relationship with us in order to meet our contractual obligations to you or your employer and for six years after that to identify any issues and resolve any legal proceedings.
We retain personal data collected and processed in order to deliver our services to clients for the minimum period necessary, which may be up to one year. Where possible we use automatic mechanisms to enforce our data retention policies and we regularly check to ensure that our policies are being adhered to. Personal data collected and processed in order to deliver our services to clients may be retained longer if we are required to preserve records for legal purposes.
Your rights
You have the right under certain circumstances:
to be provided with a copy of your personal data held by us;
to request the rectification or erasure of your personal data held by us;
to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
to object to the further processing of your personal data, including the right to object to marketing;
to request that your provided personal data be moved to a third party.
Your right to withdraw consent:
Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at contact@vma-partners.com.
How to exercise your rights
You can exercise the rights listed above at any time by contacting us at contact@vma-partners.com..
If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html ). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
Purpose and lawful basis for processing of personal data
This table sets out:
What personal data we process
What we use that data for
The lawful basis for the processing
It forms part of our privacy policy which you should also read.
Purpose/Activity Type of data Lawful basis for processing
Client Relationship Management
Managing our client relationships through maintaining contact (including through ad hoc marketing), delivering work product and processing invoices
Identity (of client employees and contacts) data
Contact data
Marketing and Communications data
Performance of a contract with our clients – processing necessary to deliver work product or agree terms
Necessary for our legitimate interests and/or legal obligations – retention of contact and transactional data following the conclusion of a professional engagement for record keeping, legal and accounting purposes
With consent – marketing contacts
Corporate Strategy
Consulting publicly available sources and industry experts on behalf of clients, including: assessing the quality and reputation for probity of senior management teams and key individuals in potential acquisition targets and/or partners; advising on regulatory and policy developments; and considering potential opportunities in new markets. Reporting our findings to our clients
Identity data
Profile data
Biographical data
Necessary for the legitimate interests of our clients – to ensure that any transactions and/or partnerships entered into by our clients are with suitable counterparties, and/or that appropriate strategies are in place for understanding and managing regulatory and policy issues
Dispute Resolution Support
Assisting clients involved in disputes or potential disputes to manage and prepare for litigation or dispute resolution by consulting publicly available sources and industry experts, assessing litigation and settlement strategy, and settlement enforcement; reporting our findings to our clients
Identity data
Profile data
Biographical data
Necessary for the legitimate interests of our clients – to enable our clients to manage their business, dispute and litigation strategy appropriately and to resolve disputes and potential disputes as swiftly as possible
Recruitment Support
Assisting clients in vetting potential senior hires by consulting publicly available sources and industry experts; reporting our findings to our clients
Identity data
Contact data
Profile data
Biographical data
Necessary for the legitimate interests of our clients – to ensure that board level and other senior management candidates meet suitability requirements. Candidates should have a reasonable expectation that background checks will be undertaken and clients are requested to put candidates on notice to this effect
Changes to this policy
Any changes we make to our privacy policy in future will be posted on our website at www.vma-partners.com and, in relation to substantive changes, current clients may be notified by e-mail. This policy was last updated in July 2018.