Privacy Policy

It’s always good to know where things stand. Here’s where we set out the important stuff regarding privacy so you know what’s what.

Introduction

We want you to understand our Privacy Policy and, specifically, what information we gather in connection with your access and use of our websites, how that information is used, with whom we share that information, and what we do to protect it. We’re accountable for the protection of your Personal Data under our control and are committed to following this Privacy Policy and complying with the law. This Privacy Policy is not a contract between us and you. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.

In this Privacy Policy, Black Swan, we, us, or our means Black Swan Data Ltd, based in London, England, and you or your means a person who accesses our websites.

For users of our SaaS services, please see the SaaS Services Privacy Policy here: https://info.blackswan.com/saas-service-privacy-policy.

Controller

Black Swan Data Ltd is the controller. We have a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Collection of information

We collect Personal Data directly or indirectly from you, including in the following ways:

when you access our websites;
when you communicate with us, whether by phone, email, “contact us” forms, snail mail, courier, carrier pigeon, or by any other means;
when you sign up for any of our sweepstakes, contests, or other promotions;
when you request sample reports or other materials or information about us or our business;
when you signing up for or attend any seminars, conferences, parties, get-togethers, pub crawls, or other events we put on, sponsor, host, or attend;
referrals; and
through automated means such as communication protocols and cookies (for more about cookies, see Cookies below).

Personal Data

Personal Data may include the following, not all of which we collect:

Identifiers	Such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
Personal information categories listed in the California Client Records statute (Cal. Civ. Code § 1798.80(e))	Such as a name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, river’s icense or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card umber, debit card number, or any other financial information, medical information, or health insurance information. Some personal data included in this category may overlap with other categories.
“Sensitive Personal Data” under the UK Data Protection Act 2018	Personal Data consisting of information as to: (a) the racial or ethnic origin of the data subject; (b) their political opinions; (c) their eligious beliefs or other beliefs of a similar nature; (d) whether they are a member of a trade union; € their physical or mental health or ondition; (f) their sexual life; (g) the commission or alleged commission by them of any offence; or (h) any proceedings for any offence committed r alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings. We do not knowingly collect this type of data.
“Sensitive Personal Data” under the GDPR	Data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, iometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation. We do not knowingly collect this type of data.
Protected classification characteristics under California or US federal law	Such as age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental isability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). We do not knowingly collect this type of data.
Commercial information	Such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or endencies. We do not knowingly collect this type of data.
Biometric information	Such as genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. We do not knowingly collect this type of data.
Internet or other similar network activity	Such as browsing history, search history, information on a person’s interaction with a website, application, or advertisement.
Geolocation data	We do not knowingly collect this type of data, but inferences about your location can be drawn from your IP address information.
Sensory data	Audio, visual, thermal, olfactory, or similar information. We do not knowingly collect this type of data.
Inferences drawn from other Personal Data	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

You agree that we can, subject to applicable law, use your Personal Data (including, as applicable, sharing relevant Personal Data with our affiliates, resellers, channel partners, service providers, and/or agents) to operate and improve the websites; respond to your requests and inquiries; conduct analysis and research; prevent fraud or misuse; protect our rights or property or the safety of you or others; and send you communications regarding events you have signed up for, information you have requested, or other requests you have made, or for reasonably relevant things we believe you might find to be of interest. We may also disclose Personal Data if we believe in good faith that we are required to do so by law, or that doing so is necessary to comply with legal process, respond to requests from law enforcement or governmental agencies, to respond to claims, or to protect our rights.

Your Personal Data is stored and processed in the countries in which we or our affiliates or service providers maintain facilities, which includes the UK, EU, US, and South Africa. We reserve the right to transfer and store your Personal Data outside the country in which you reside.

As we continue to develop our business, we might sell or buy subsidiaries or business units. In such transactions, as well as in the event we or part of our business or assets are acquired by a third party, your Personal Data and other information will generally be one of the transferred business assets. We reserve the right to include your Personal Data and other information, collected as assets, in any such transfer to a third party. Additionally, your Personal Data and other information could be disclosed as part of a bankruptcy involving us.

Persons under 18 years of age

Our websites are not directed towards persons under 18 years of age and we do not intentionally or knowingly collect Personal Data from persons under 18 years of age. In the event a person under 18 years of age accesses our websites their information could be collected as described in this Privacy Policy. We will delete such Personal Data upon being notified.

Links to third party websites

Where we provide links to third party websites, this Privacy Policy does not cover how that website processes Personal Data. We encourage you to read the privacy policies on the third party websites you visit.

Analytics

When you visit our websites, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google in its capacity as our data processor, to make, any attempt to find out the identities of those visiting our website through such analytics information.

Marketing

If you requested, or opted-in to receive, marketing communications from us, from time to time we may send you information about Black Swan news, events, reports, and services of ours that we think you might find to be of interest. You have the right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please click the unsubscribe link in the marketing email we sent you or send a request to DPO@blackswan.com asking to be unsubscribed.

Consent for Electronic Communications

We use contact information you provide us with to communicate with you regarding your inquiry or request. By providing this contact information, you consent to receive such communications at such e-mail address, mailing address, and/or telephone number.

What Are Cookies and how do we use them?

Cookies are pieces of information that are transferred to your computer or mobile device through a browser. For further information, visit www.allaboutcookies.org. We use cookies to collect and store certain information. We may use both session cookies (which expire when you close your web browser) and persistent cookies (which stay on your device until you delete them).

How we treat “Do Not Track” or similar signals

Some browsers provide you with “do not track” options. Because there is not yet a common understanding of how to interpret the “do not track” signal, we do not currently respond to the browser “do not track” signals when you access our websites.

Legal basis for processing

The legal basis we rely on to process your Personal Data is article 6(1)(f) of the UK GDPR, which allows us to process Personal Data when its necessary for the purposes of our legitimate interests.

How long is the Personal Data kept for?

We will retain your Personal Data only for as long as is necessary to maintain records until they cannot be lawfully challenged and legal proceedings may no longer be pursued; carry out marketing activities; comply with applicable law, regulatory requests, and relevant orders from government authorities; and fulfill any of the other purposes detailed in this Privacy Policy.

Do we use any data processors?

Yes, we have service providers that act on our behalf that process your Personal Data. This would include our cloud provider (AWS (Ireland)) and others, such as Google Analytics. These data processors do not have our permission to extract or use your Personal Data for other purposes.

International processing

We may share and process your Personal Data with Black Swan’s affiliates in the US, EU, and South Africa.

We will take steps to ensure that your Personal Data receives an adequate level of protection in the jurisdictions in which we process it. When we share Personal Data with our affiliates, we do so in a manner consistent with our privacy protocols and in compliance with local laws and regulatory requirements.

Data security

We take commercially reasonable physical, organizational, and technical measures to protect your Personal Data in our possession. We limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They are permitted to only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We cannot guarantee the absolute security of our database, nor can we guarantee that any information supplied will not be intercepted while being transmitted over wireless networks or the Internet. We have procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data rights for EU and UK residents

Your right of access

You have the right to ask us for copies of your Personal Data.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure

You have the right to ask us to erase your Personal Data in certain circumstances. This right enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Your right to object to processing

You have the right to object to processing. This enables you to ask us to delete or remove Personal Data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which overrides your rights and freedoms

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

Withdraw consent at any time where we are relying on consent to process your Personal Data.

However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If we are processing your information for criminal law enforcement purposes, your rights are slightly different.

You are not required to pay any charge for exercising your rights. We have one month to respond to you. Please contact our DPO if you wish to make a request.

Data rights for California residents

Effective on January 1, 2020, the California Consumer Privacy Act (CCPA) provides users who are California residents with specific rights regarding their Personal Data. If you reside in California, you may exercise the following rights:

A right to disclosure of the categories of Personal Data collected by us
A right to disclosure of the specific pieces of Personal Data collected by us
A right to deletion of Personal Data by us (subject to certain Exceptions outlined below)
A right to receive Personal Data in a format that will allow its transfer to third parties by you
A right to opt-out of the “sale” of Personal Data, where a “sale” under the CCPA means “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Data to another business or a third party for monetary or other valuable consideration.” We do not sell your Personal Data.
A right to sue for security breaches of Personal Data

Access to specific information and data portability rights

You have the right to request that we disclose to you your Personal Data we have collected about you over the past 12 months from the date of your request. Once we receive and confirm your request, we will disclose to you:

The categories of Personal Data we collected about you
The categories of sources for the Personal Data we collected about you.
Our business and commercial purposes for collecting or selling that Personal Data.
The categories of third parties with whom we shared that Personal Data.
he specific pieces of Personal Data we collected about you.
f we “sold” or disclosed your Personal Data for a business purpose, up to two separate lists disclosing:
- if we “sold” your Personal Data, “sales”, identifying the Personal Data categories that each category of recipient “purchased”; and
- if we disclosed your Personal Data, disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained.
We have not sold any of your Personal Data.

Deletion request rights

You have the right to request that we delete any of Personal Data that we collected from you and retained, subject to certain Exceptions (as listed below). Once we receive and confirm your request, we will delete your Personal Data from our records unless an Exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) for the following Exceptions:

to complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
to debug products to identify and repair errors that impair existing intended functionality;
to exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
to comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
to engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent
to enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
to comply with a legal obligation; or
to make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

deny you goods or services
charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
provide you a different level or quality of goods or services.
suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may still offer you certain financial incentives that can result in different prices, rates, or service quality levels as permitted by the CCPA. We do not at this time provide such financial incentives.

Exercising access, data portability and deletion rights

To exercise your rights described above, please submit a request to us by either:

emailing us at dpo@blackswan.com and specifying your request type (disclosure, category, or deletion); or
mailing us at: Black Swan Data Ltd, Attn DPO, 12th Floor, WeWork Building, 10 York Rd, SE1 7ND London UK, and specifying your request type (disclosure, category, or deletion).

Only you, or someone legally authorized to act on your behalf, may make a request related to your Personal Data. You may also make a request on behalf of your minor child. We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. You may be required to provide additional information necessary to confirm your identity before we can respond to your request.

You may only make a request for access or data portability twice within a 12-month period. The request must:

provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative; and
describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Making a request does not require you to create an account with us. Also, we will only use Personal Data provided in a request to verify the requestor’s identity or authority to make the request.

Your authorized agent

You have the right to designate an authorized agent to make a request under the CCPA on your behalf.

Response timing and format

We will confirm that we received your request within ten (10) days and will respond within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response electronically or, at your option, by mail.

Any disclosures we provide will only cover the 12-month period preceding our receipt of the request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Can this Privacy Policy be modified?

We reserve the right to modify this Privacy Policy at any time. Accessing the websites after we have published a modified Privacy Policy constitutes acceptance of such modified Privacy Policy.

How we notify you of modifications.

We will publish a link to the modified Privacy Policy on our websites. The modified Privacy Policy becomes effective upon publishing. If the modifications are material, we will provide more prominent notice as appropriate under the circumstances (for example, for a period of time following publication the icon or link to the Privacy Policy may be highlighted or include the word such as “modified,” “revised,” “updated” or similar).

How can we be contacted?

By email at DPO@blackswan.com or by snail mail at: Black Swan Data Ltd, Attn: Data Protection Officer, 15th Floor, WeWork Building, 10 York Rd, London, SE1 7ND England.

How to contact the appropriate authority?

Should you wish to report a complaint or if you feel that we have not addressed your concern regarding privacy in a satisfactory manner, you may contact the U.K. Information Commissioner’s Office (ICO) at https://ico.org.uk/global/contact-us/. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Black Swan’s Data Protection Registration Number with the ico is ZA119730.