It’s always good to know where things stand. Here’s where we set out the important stuff regarding privacy so you know what’s what.
We collect Personal Data directly or indirectly from you, including in the following ways:
Personal Data may include the following, not all of which we collect:
|Identifiers||Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.|
|Personal information categories listed in the California Client Records statute (Cal. Civ. Code § 1798.80(e))||Such as a name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, river’s icense or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card umber, debit card number, or any other financial information, medical information, or health insurance information. Some personal data included in this category may overlap with other categories.|
|“Sensitive Personal Data” under the UK Data Protection Act 2018||Personal Data consisting of information as to: (a) the racial or ethnic origin of the data subject; (b) their political opinions; (c) their eligious beliefs or other beliefs of a similar nature; (d) whether they are a member of a trade union; € their physical or mental health or ondition; (f) their sexual life; (g) the commission or alleged commission by them of any offence; or (h) any proceedings for any offence committed r alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings. We do not knowingly collect this type of data.|
|“Sensitive Personal Data” under the GDPR||Data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, iometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation. We do not knowingly collect this type of data.|
|Protected classification characteristics under California or US federal law||Such as age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental isability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). We do not knowingly collect this type of data.|
|Commercial information||Such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or endencies. We do not knowingly collect this type of data.|
|Biometric information||Such as genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. We do not knowingly collect this type of data.|
|Internet or other similar network activity||Such as browsing history, search history, information on a person’s interaction with a website, application, or advertisement.|
|Geolocation data||We do not knowingly collect this type of data, but inferences about your location can be drawn from your IP address information.|
|Sensory data||Audio, visual, thermal, olfactory, or similar information. We do not knowingly collect this type of data.|
|Inferences drawn from other Personal Data||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.|
You agree that we can, subject to applicable law, use your Personal Data (including, as applicable, sharing relevant Personal Data with our affiliates, resellers, channel partners, service providers, and/or agents) to operate and improve the websites; respond to your requests and inquiries; conduct analysis and research; prevent fraud or misuse; protect our rights or property or the safety of you or others; and send you communications regarding events you have signed up for, information you have requested, or other requests you have made, or for reasonably relevant things we believe you might find to be of interest. We may also disclose Personal Data if we believe in good faith that we are required to do so by law, or that doing so is necessary to comply with legal process, respond to requests from law enforcement or governmental agencies, to respond to claims, or to protect our rights.
Your Personal Data is stored and processed in the countries in which we or our affiliates or service providers maintain facilities, which includes the UK, EU, US, and South Africa. We reserve the right to transfer and store your Personal Data outside the country in which you reside.
As we continue to develop our business, we might sell or buy subsidiaries or business units. In such transactions, as well as in the event we or part of our business or assets are acquired by a third party, your Personal Data and other information will generally be one of the transferred business assets. We reserve the right to include your Personal Data and other information, collected as assets, in any such transfer to a third party. Additionally, your Personal Data and other information could be disclosed as part of a bankruptcy involving us.
When you visit our websites, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google in its capacity as our data processor, to make, any attempt to find out the identities of those visiting our website through such analytics information.
If you requested, or opted-in to receive, marketing communications from us, from time to time we may send you information about Black Swan news, events, reports, and services of ours that we think you might find to be of interest. You have the right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please click the unsubscribe link in the marketing email we sent you or send a request to DPO@blackswan.com asking to be unsubscribed.
We use contact information you provide us with to communicate with you regarding your inquiry or request. By providing this contact information, you consent to receive such communications at such e-mail address, mailing address, and/or telephone number.
Some browsers provide you with “do not track” options. Because there is not yet a common understanding of how to interpret the “do not track” signal, we do not currently respond to the browser “do not track” signals when you access our websites.
The legal basis we rely on to process your Personal Data is article 6(1)(f) of the UK GDPR, which allows us to process Personal Data when its necessary for the purposes of our legitimate interests.
Yes, we have service providers that act on our behalf that process your Personal Data. This would include our cloud provider (AWS (Ireland)) and others, such as Google Analytics. These data processors do not have our permission to extract or use your Personal Data for other purposes.
We may share and process your Personal Data with Black Swan’s affiliates in the US, EU, and South Africa.
We will take steps to ensure that your Personal Data receives an adequate level of protection in the jurisdictions in which we process it. When we share Personal Data with our affiliates, we do so in a manner consistent with our privacy protocols and in compliance with local laws and regulatory requirements.
We take commercially reasonable physical, organizational, and technical measures to protect your Personal Data in our possession. We limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They are permitted to only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We cannot guarantee the absolute security of our database, nor can we guarantee that any information supplied will not be intercepted while being transmitted over wireless networks or the Internet. We have procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
You have the right to ask us for copies of your Personal Data.
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
You have the right to ask us to erase your Personal Data in certain circumstances. This right enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
You have the right to ask us to restrict the processing of your information in certain circumstances. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You have the right to object to processing. This enables you to ask us to delete or remove Personal Data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which overrides your rights and freedoms
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If we are processing your information for criminal law enforcement purposes, your rights are slightly different.
Effective on January 1, 2020, the California Consumer Privacy Act (CCPA) provides users who are California residents with specific rights regarding their Personal Data. If you reside in California, you may exercise the following rights:
You have the right to request that we disclose to you your Personal Data we have collected about you over the past 12 months from the date of your request. Once we receive and confirm your request, we will disclose to you:
You have the right to request that we delete any of Personal Data that we collected from you and retained, subject to certain Exceptions (as listed below). Once we receive and confirm your request, we will delete your Personal Data from our records unless an Exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) for the following Exceptions:
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
However, we may still offer you certain financial incentives that can result in different prices, rates, or service quality levels as permitted by the CCPA. We do not at this time provide such financial incentives.
To exercise your rights described above, please submit a request to us by either:
Only you, or someone legally authorized to act on your behalf, may make a request related to your Personal Data. You may also make a request on behalf of your minor child. We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. You may be required to provide additional information necessary to confirm your identity before we can respond to your request.
You may only make a request for access or data portability twice within a 12-month period. The request must:
Making a request does not require you to create an account with us. Also, we will only use Personal Data provided in a request to verify the requestor’s identity or authority to make the request.
You have the right to designate an authorized agent to make a request under the CCPA on your behalf.
We will confirm that we received your request within ten (10) days and will respond within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response electronically or, at your option, by mail.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
By email at DPO@blackswan.com or by snail mail at: Black Swan Data Ltd, Attn: Data Protection Officer, 15th Floor, WeWork Building, 10 York Rd, London, SE1 7ND England.
Should you wish to report a complaint or if you feel that we have not addressed your concern regarding privacy in a satisfactory manner, you may contact the U.K. Information Commissioner’s Office (ICO) at https://ico.org.uk/global/contact-us/. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Black Swan’s Data Protection Registration Number with the ico is ZA119730.
Last revised: 18 August 2021 © 2021 Black Swan Data Ltd. All rights reserved.