This Privacy Notice explains how AAK & Co collects, uses, and discloses your information (personal data). In particular, it explains:
- What personal data do we collect;
- How we collect, store, use or share your personal data;
- Why we collect your personal data;
- Your rights in relation to your personal data; and
- Who and how to contact in the event of a concern or a complaint about the way your personal data has been collected, stored, used or shared.
We are committed to safeguarding the privacy of your personal data when it comes into our possession. Please ensure that you read this Notice carefully and any other similar notice we may provide to you from time to time when we collect or process personal information about you.
In this Notice, where we use the terms “we”, “us” or “our” we are talking about AAK & Co.
AAK & Co consists of a group of professionals who work collectively with one another in order to share expertise and better serve the clients. AAK & Co is a “data controller” for the purpose of the relevant data protection legislation, including the General Data Protection Regulation (GDPR), for the information which it collects for marketing, recruitment and employment purposes and acts as a “data processor” on behalf of our firm members, who provide professional services.
What personal data do we collect?
The list below sets out the personal data we may collect in the course of providing services to you:
- Organisation name (where appropriate);
- Email address;
- Telephone numbers;
- Details of your enquiry;
- The areas of work that you are interested in;
- When you visit our website or social media accounts: how you have reached them; the internet protocol address you have used; your browser type, versions and plug-ins, and your operating system; and your journey through our website, including which links you click on and any searches you make, how long you stay on a page and other page interaction information;
- Any personal data that you provide in any application to join us and references from any referees you provide us with; and
- If you are employed by us, personal data (including sensitive personal data) relating to your employment.
We will only collect personal data that is:
- Relevant to the service we are performing for you or that is incidental to that service;
- Relevant to any application that you have made to join us; and/or
- Relevant to your employment with us.
This personal data may be required to enable us to:
- Provide our service to you;
- Consider your application to join us; and/or
- Employ you.
If you do not provide the personal data we ask for, it may delay or prevent us from:
- Providing services to you;
- Considering your application to join us; and/or
- Providing employment to you.
How is your personal data collected?
We collect most of your personal data directly from you through written correspondence, telephone calls, the online contact forms on our website, by email, in person or via other digital platforms such as social media. However, we may also collect information from:
- Publicly accessible sources, e.g., directories, social media and Companies House;
- Our website; and
- Our information technology (IT) systems, including our case management and document management systems.
How and why we will use your personal data
We use your data for the following purposes:
- To administer and provide products and services you request or have expressed an interest in, such as seminars;
- To enable us to communicate with you about events or services that you have requested or expressed an interest in, such as seminars;
- To communicate with you in the event that any products or services you have requested are unavailable;
- For record-keeping purposes;
- To create an individual profile for you so that we can understand and respect your preferences;
- To personalise and/or tailor marketing communications to you;
- To analyse data about web page traffic and improve our website in order to tailor it to visitors’ needs;
- To comply with professional, legal and regulatory obligations that apply to our business;
- To ensure business policies are adhered to, e.g., policies covering security and internet use;
- To conduct statistical analysis to help us manage our practice, e.g., in relation to our financial performance, client base, work type or other efficiency measures;
- To improve efficiency, train staff or assess quality control;
- To undergo external audits and quality checks;
- For our legitimate interests or those of a third party;
- To process applications to join us;
- To manage your employment with us; and
- Where we have been given consent.
We can only use your personal data if we have a lawful and proper reason for doing so. We have a lawful and proper reason to process your personal data because to do so is:
- Necessary for the purposes of legitimate interests pursued by AAK & Co, such as, for the purpose of providing products and services or offering employment;
- Necessary in relation to a contract which you have entered into with us; and/or
- Necessary because you have asked for something to be done so you can enter into a contract with us.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
We may use your personal data to send you updates (by email, text message, telephone or post) about the latest developments that might be of interest to you and/or information about our services.
You have the right to opt out of receiving promotional communications at any time by contacting us or unsubscribing from emails
Who do we share your personal data with
We will not share your personal data with other organisations except in the following limited circumstances:
- With our service providers (such as our IT providers), but only where we are satisfied, they take appropriate measures to protect your personal data;
- Where we are under a legal or regulatory duty to do so;
- Where it is necessary to do so to enforce our contractual rights;
- To lawfully assist the police or security services with the prevention and detection of crime or terrorist activity;
- Where such disclosure is necessary to protect the safety or security of any persons;
- Otherwise as permitted under applicable law; and/or
- With your agreement.
How long your personal data will be kept
AAK & Co will retain your data for as long as is reasonably necessary for the required services to be provided to you and will not be retained indefinitely or for reasons incompatible with relevant data protection legislation, including the GDPR.
Transferring your personal data out of the EEA
Where it is necessary to transfer data outside of European Economic Area (EEA), for example where a service provider is located outside the EEA, we will take all necessary steps to ensure the data is afforded the same safeguards and controls as those applied within the EEA.
The GDPR provides the following rights for individuals:
- The right to request access to personal information;
- The right to request inaccurate information to be reviewed and corrected;
- The right to request a restriction to the processing of personal information;
- The right to request personal information held by AAK & Co to be erased in certain circumstances;
- The right to request a copy of the personal information that has been provided to us;
- The right to object to the processing of personal information or the continued processing of personal information; and
- The right to request not to be subject to automated decision making which produces legal effects that concern or affect you in a significantly similar way.
For further information on each of those rights, including the circumstances in which they apply, please see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the GDPR.
If you would like to exercise any of these rights, please contact us by filling form on the contacts page of our website. Please ensure that you provide relevant information to allow us to identify you (such as your address) and state the right or rights that you wish to exercise. We may need to contact you to request further information to verify your identity. We will respond to you within one month from when we receive a valid request.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complaint
If you have a complaint regarding any aspect of your personal data, please contact us by filling form on the contacts page of our website with the subject line privacy complaints.
If you are not satisfied with the outcome of your complaint, you can complain to the Information Commissioner’s Office and may be contacted at:
https://ico.org.uk/make-a-complaint/ or by telephone at 0303 123 1113.