This version 20th April 2019
Your privacy and trust are important to us.
This Statement explains how the The FingerPost Co Ltd (“FingerPost,” “we”, “us” or “our”) collect, handle, store and protect personal information about you in the context of our services. It also provides information about your rights and about how you can contact us if you have questions about how we handle your information.
Who this statement applies to and what it covers
This Statement applies to individuals who use any website, application, including mobile application (“app”), product, software or service of ours that hyperlinks to this Statement (we call these our “Services”).
It does not generally apply to individuals whose personal information forms part of the content included within our products, although you can find further information on that topic here.
FingerPost provides information solutions for professionals and our Services are generally not aimed at children.
Depending on the Service, we may provide additional or different privacy statements or notices for specific interactions you have with us or to highlight how we use your personal information for specific Services. Where we do this, it will be clear which statements apply to which interactions and Services. For example, if you use one of our mobile apps, we provide you a separate notice in relation to a particular data type collected through that app.
Within our Services, there may be links to third-party websites or applications. We are not responsible for the content or privacy compliance of third party websites or applications. You should check those websites or applications for their privacy statements and terms that apply to them.
Children’s Privacy. Our Services are not generally aimed at children. In the limited circumstances where we may collect and use personal information about children, for example to develop an educational resource, we will comply with industry guidelines and applicable laws.
Who we are
FingerPost is a small company based in London, UK.
For some Services we make decisions on how personal information is used in the context of a Service (FingerPost is a controller of personal information in this case), and for other Services we will only use personal information as instructed by our customers (FingerPost is a processor of personal information in this case). Below you can find more information on the cases in which FingerPost is a controller of personal information and information on how to contact us.
To learn more about the products in which we are a controller of personal information, please email dot.AT.fingerpost.co.uk
Sources of personal information
We collect personal information about you from your interactions with us and from certain third parties and other sources (such as your employer or the subscriber providing access to our Services or from publicly available sources where permissible).
We obtain personal information from you:
– through your interactions with us and our Services, such as, when you purchase or use our Services, register for an event, request information or call us for support (please note that we may record or monitor our telephone calls for compliance and quality assurance purposes)
– through your system/device and use of our Services. Our servers, logs and other technologies automatically collect system/device and usage information to help us administer, protect and improve our Services, analyze usage and improve users’ experience
through cookies and similar technologies included on our Services. More information relating to cookies, and how to control their use can be found here and information related to Interest-Based and Mobile Advertising can be found here.
We also collect personal information about you from third parties such as:
– the person(s) arranging for you to access our Services (e.g., your employer or our subscriber) in order to set up a user account
– an organization to which you belong where that organization provides you access to our Services (such as a library providing you access to certain of our Services, like our legal information products)
– partners and service providers who work with us in relation to your Service
– publicly available sources such as public websites, open government databases or other data in the public domain, to help us maintain data accuracy and provide and enhance the Services
What types of personal information we may collect ?
The type of personal information we collect depends on how you are interacting with us and which Services you are purchasing or using.
In many cases, you can choose whether or not to provide us with personal information, but if you choose not to, you may not get full functionality from the Services.
The personal information we may collect consists of the following:
– Name and contact data, such as, first and last name, email address, postal address, phone number, and other similar contact data
– Account Credentials, such as, passwords and other security information for authentication and access
– User content, such as, communications and files provided by you in relation to your use of the Services
– Payment information, such as, payment card number (credit or debit card), and the security code associated with your payment instrument, if you make a payment
– Device information, such as, information about your device, such as IP address, location or provider
– Usage information and browsing history, such as, information about how you navigate within our Services, your browsing history and which elements of our Services you use the most
– Location data, for Services with location-enhanced features. If we need your consent to collect geo-location data, we will collect this separately
– Demographic information, such as, your country, and preferred language
– CCTV, if you visit us or attend a FingerPost event
How we use personal information
This section includes details of the purposes for which we use personal information and also the different legal grounds upon which we process that personal information. We use personal information to provide and improve Services and for other purposes that are in our legitimate interests, as well as for compliance purposes. Further information is set out below.
Some laws require us to explain our lawful reason for processing your personal information. We process personal information about you on the basis that it is:
– necessary for the performance of a contract: where we have a contract with you, we will process your personal information in order to fulfil that contract (i.e., to provide you with Services)
– in our or a third parties’ legitimate interests: details of those legitimate interests are set out in more detail below (e.g., provision of Services that we are contractually obliged by a third party, such as your employer or our subscriber, to deliver to you)
– where you give us your consent: we only ask for your consent in relation to specific uses of personal information where we need to and, if we need it, we will collect it separately and make it clear that we are asking for consent
– for compliance with a legal obligation (e.g., to respond to a court order or a regulator)
– You are welcome to contact us for further information on the legal grounds that we rely on in relation to any specific processing of your personal information.
Legitimate interests for use
We use personal information for a number of legitimate interests, including to provide and improve Services, administer our relationship with you and our business, for marketing and in order to exercise our rights and responsibilities. More detailed information about these legitimate interests is set out below.
– to set up and administer your account, provide technical and customer support and training, verify your identity, and send important account, subscription and Service information
– to administer our relationship with you, our business and our third-party providers (e.g., to send invoices)
– to deliver and suggest tailored content such as news, research, reports and business information. We analyze the way you use our Services to make suggestions to you for features or Services that we believe you will also be interested in, and so that we can make our Services more user-friendly
– to personalize your experience with our Services. We may retain your browsing and usage information to make your searches within our Services more relevant and use those insights to target advertising to you online on our websites and apps. Your choices in relation to marketing are explained here.
– We may sometimes share your personal information across our Services so that we can make all of the Services we deliver to you more intuitive (e.g., rather than requiring you to enter the same data many times)
– to contact you in relation to, and conduct, surveys or polls you choose to take part in and to analyze the data collected for market research purposes
– to display information you choose to post, share, upload or make available in chat rooms, messaging services, and community and event forums (including in community and event profiles) and for related collaboration, peer connection, games and information exchange
– to provide any third party, who has made our Services available to you (e.g., your employer or our subscriber), insights about use of the Services
– for internal research and development purposes and to improve, test and enhance the features and functions of our Services
– to provide you with marketing as permitted by law
– to meet our internal and external audit requirements, including our information security obligations (and if your employer or our subscriber provides for your access to our Services, to meet their internal and external audit requirements)
– to enforce our terms and conditions
– to protect our rights, privacy, safety, networks, systems and property, or those of other persons
– for the prevention, detection or investigation of a crime or other breach of law or requirement, loss prevention or fraud
– to comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence
– in order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work
– in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings)
– Where we rely on legitimate interests as a lawful ground for processing your personal information, we balance those interests against your interests, fundamental rights and freedoms. For more information on how this balancing exercise has been carried out, please contact our Privacy Team.
How we share personal information
We share personal information within FingerPost, with relevant business partners and third party service providers, the person providing for your access to our Services (if that is not you) and in accordance with law. Our third-party service providers are not permitted to share or use personal information we make available to them for any purpose other than to provide services to us.
We share your information for the purposes set out in this Statement, with the following categories of recipients:
– the person providing your access to our Services (e.g., your employer or our subscriber)
– business partners with whom we deliver co-branded Services, provide content, or to host events, conferences and seminars
– third parties that help us deliver Services or act on our behalf
– third parties where we have a duty to or are permitted to disclose your personal information by law (e.g., government agencies, law enforcement, courts and other public authorities)
– third parties in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), in which case we may disclose your personal data to prospective buyers, sellers, advisers or partners and your data may be a transferred asset in a business sale
– third parties where reasonably required to protect our rights, users, systems and Services (e.g., legal counsel and information security professionals)
– any person you have asked us to share information with (e.g., if you upload information into a public forum it is shared publicly)
FingerPost is a global organization and your personal information may be stored and processed outside of your home country, including in countries that may not offer the same level of protection for your personal information as your home country. We have measures in place to ensure that when your personal information is transferred internationally, it is subject to appropriate safeguards in accordance with data protection laws. Often, these include contractual safeguards. More information about these safeguards (including copies, where relevant) can be obtained by contacting us here.
FingerPost has networks, databases, servers, systems, support around the world. We collaborate with third parties like cloud hosting services, suppliers and technology support located around the world to serve the needs of our business, workforce and customers. We take appropriate steps to ensure that personal information is processed, secured and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within FingerPost or to third parties in areas outside of your home country, including to countries that have not been declared adequate for the purposes of data protection by the European Commission.
The areas in which these recipients are located will vary from time to time, but include the United States, Europe, Canada, Asia (including Australia and India), and other countries where FingerPost has a presence or uses contractors.
How we secure personal information
FingerPost takes the security of personal information seriously and we use appropriate technologies and procedures to protect personal information (including administrative, technical and physical safeguards) according to the risk level and the service provided.
Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet the sensitivity of the personal information we handle, our business needs, changes in technology and regulatory requirements. We have implemented appropriate information security controls.
How long we keep personal information
We calculate retention periods for your personal information in accordance with the following criteria:
– the length of time necessary to fulfil the purposes we collected it for
– when you or your employer (or other subscriber providing for your access to our Services) cease to use our Services
– the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations
– any limitation periods within which claims might be made
– any retention periods prescribed by law or recommended by regulators, professional bodies or associations
– the existence of any relevant proceedings
You may have rights under European and other laws to have access to your personal information and to ask us to rectify, erase and restrict use of, your personal information. You may also have rights to object to your personal information being used, to ask for the transfer of personal information you have made available to us and to withdraw consent to the use of your personal information. Further information on how to exercise your rights is set out below.
We will honour your rights under applicable data protection laws. You have the following rights under European laws, and may have similar rights under the laws of other countries.
– Right of subject access: The right to make a written request for details of your personal information and a copy of that personal information
– Right to rectification: The right to have inaccurate information about you corrected or removed
– Right to erasure (‘right to be forgotten’): The right to have certain personal information about you erased
– Right to restriction of processing: The right to request that your personal information is only used for restricted purposes
– Right to opt out of marketing: You can manage your marketing preferences by unsubscribe links found in the communications you receive from us or by visiting the applicable preference center
– Right to object: The right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interests
– Right to data portability: The right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable format
– Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent
These rights are not absolute and they do not always apply in all cases.
In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will explain why.
In order to exercise your rights please email dot.AT.fingerpost.co.uk
Cookies and similar technologies
What is a cookie?
A cookie is a small text file that is placed on a computer or other device and is used to identify the user or device and to collect information. Cookies are typically assigned to one of four categories, depending on their function and intended purpose: absolutely necessary cookies, performance cookies, functional cookies, and cookies for marketing purposes.
Types of cookies and why we use them
Absolutely necessary cookies: These cookies are essential to enable you to move around a website and use its features. Without these cookies, Services you have asked for, like adding items to an online shopping cart, cannot be provided.
Performance cookies: These cookies collect information about how you use our websites. Information collected includes, for example, the Internet browsers and operating systems used, the domain name of the website previously visited, the number of visits, average duration of visit, and pages viewed. These cookies only collect information in an aggregated format. Performance cookies are used to improve the user-friendliness of a website and enhance your experience.
Functionality cookies: These cookies allow the website to remember choices you make (such as your username or ID, language preference, or the area or region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts, and other customizable parts of web pages. They may also be used to provide Services you have asked for, such as watching a video or commenting on a blog. These cookies cannot track your browsing activity on other websites.
You can manage website cookies in your browser settings, and you always have the choice to change these settings by accepting, rejecting, or deleting cookies. If you choose to change your settings, you may find that certain functions and features will not work as intended on the Services. All browser settings are slightly different, so to manage cookies, you should refer to the relevant settings within your browser.
We understand that you may want to know more about cookies. Here are some useful resources that provide detailed information about types of cookies, how they are used, and how you can manage your cookie preferences: www.aboutcookies.org or www.allaboutcookies.org. Please click below for detailed information on how to disable and delete cookies in some commonly used browsers:
Microsoft® Internet Explorer
We use certain other tracking technologies in addition to cookies
Some browsers transmit Do Not Track (DNT) signals to websites. Due to the lack of a common interpretation of DNT signals throughout the industry, we do not currently alter, change, or respond to DNT requests or signals from these browsers. We continue to monitor industry activity in this area and reassess our DNT practices as necessary.
Connecting via social networks
Some of our Services may include social networking features, such as the Facebook® “Like” button and widgets, “Share” buttons, and interactive mini-programs. Additionally, you may choose to use your own social networking logins from, for example, Facebook or LinkedIn®, to log into some of our Services. If you choose to connect using a social networking or similar service, we may receive and store authentication information from that service to enable you to log in and other information that you may choose to share when you connect with these Services. These Services may collect information such as the web pages you visited and IP addresses, and may set cookies to enable features to function properly. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third-party services you connect to, use, or access. If you do not want your personal information shared with your social media account provider or other users of the social media service, please do not connect your social media account with your account for the Services and do not participate in social sharing on the Services.
Where to find further privacy information on our products and services
This Statement generally relates to the personal information we collect about users in connection with the Services, where we make decisions about how that personal information is handled (FingerPost as a controller).
Where we need to give you additional information about how your personal information is used in relation to specific Services we will provide separate or additional privacy notices.
Your professional service provider (e.g., your financial, tax, legal or accounting adviser) and other third parties may enter your personal information into Services we make available to, and host for them on their behalf. They may provide their own privacy notices to you. You should contact them for these notices, and you may also be able to find their privacy notices on their websites.
Use of Publicly Available Data within Our Services
Many professionals and third parties rely on the use of publicly available information in order to carry out research or to satisfy their compliance obligations (e.g., to carry out anti-money-laundering checks).
To assist them, we make available information obtained from publicly available sources like public websites, open government databases or other data in the public domain (some of which is behind a paywall and some not).
We take privacy seriously and put in place measures designed to ensure that we process personal information in a proportionate way and in compliance with data protection laws.
Where we process non-sensitive personal information within those Services, it is normally processed because it is in our or a third parties’ legitimate interests to do so. In the limited circumstances where we process sensitive personal information, we normally do so where:
– necessary in relation to obligations under employment, social security and social protection law
– personal information has been manifestly made public by the person to whom it relates
– necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
– processing is necessary for reasons of substantial public interest, on the basis of applicable law
– We put in place appropriate measures to protect your information where it is transferred internationally, to secure it and to ensure it is retained only for a reasonable period.
If you would like to make further enquiries about how personal information is used within a specific Service, please contact our Privacy Team.
How to contact us
If you have any questions, comments, complaints or suggestions in relation to data protection or this Statement, or any other concerns about the way in which we process information about you, please contact our Privacy Team at dot.AT.fingerpost.co.uk or at Privacy Team, FingerPost, 11 Northington Street, London WC1N 2JF, United Kingdom.
Filing a Complaint. If you are not content with how FingerPost manages your personal information, you can lodge a complaint with a privacy supervisory authority. In the European Economic Area, the relevant supervisory authority is the one in the country or territory where:
you are resident
you work, or
the alleged infringement took place
A list of National Data Protection Authorities in the European Economic Area can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Updates to this statement
This Statement may be subject to updates. Any material future changes or additions to the processing of personal information as described in this Statement affecting you will be communicated to you through an appropriate channel. For example, we may place a prominent notice on a product site or email you to let you know of an updated Statement.