GDPR Policy
1. PURPOSE OF THIS EU/UK PRIVACY NOTICE
This EU/UK Privacy Notice (“Privacy Notice”) sets out how FleishmanHillard and our FleishmanHillard branded companies (“we”, “us” or “our”) processes your personal data in connection with our business, including the provision of our website at Global PR and Marketing Agency – FleishmanHillard (“Site”) and the services we offer (“Services”).
In particular, this Privacy Notice explains our approach to any personal data that we might collect from you (i) when you use our Site or Services (ii) during any other interactions with us, or (iii) which we might otherwise process when providing Services to our clients (including the personal data we collect, why we collected it and your rights in respect of our processing of your personal data).
This Privacy Notice is intended to assist you in making informed decisions when using the Site and our Services. Please take a moment to read and understand this Privacy Notice. It is intended to be read in conjunction with our Cookie Notice.
Finally, this Privacy Notice is only intended to meet the requirements of:
- Regulation (EU) 2016/79 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”).
- Equivalent data protection laws in the United Kingdom (the “UK GDPR”).
For ease of reference, in this Privacy Notice we use the term “GDPR” to collectively refer to the EU GDPR, UK GDPR.
Where other privacy laws (other than the GDPR) apply, please see our global Privacy Notice.
2. SCOPE OF THIS PRIVACY NOTICE
This Privacy Notice only applies to the use of your personal data obtained by us, whether from you directly or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their products or services (for example, where you follow links on our Site to third party websites over which we have no control).
Please note this Policy is not intended to cover our processing of FleishmanHillard staff personal data. Accordingly, if you are engaged as a worker for us, please see our Workplace Privacy Notice which sets out further information about how we may process your personal data in connection with your employment and/or engagement.
This Privacy Notice only applies where the GDPR applies. Where other privacy laws apply, please see our General Privacy Notice.
3. CHANGES TO THIS PRIVACY NOTICE
We will update this Privacy Notice from time to time to reflect any changes or proposed changes to our use of your personal data, or to comply with changes in applicable law or regulatory requirements. We may notify you by email of any significant changes to this Privacy Notice, but we encourage you to review this Privacy Notice periodically to keep up to date on how we use your personal data. If we update this Privacy Notice, we will update the effective date at the top of the page.
4. ABOUT US
This Privacy Notice applies to the processing of personal data by Fleishman-Hillard Group Limited, Fleishman Hillard Germany GmbH, Fleishman-Hillard S.A., Fleishman-Hillard International Communications Limited, Fleishman-Hillard Sp.z.o.o. and Fleishman-Hillard s.r.o., and Fleishman-Hillard Inc., and to the extent any other non-European FleishmanHillard entities are subject to the GDPR.
For the purpose of this Privacy Notice and the GDPR, to the extent any of the above entities use cases identified in this Policy, each will be considered a “data controller” of your personal data.
Please note that in many cases where we process data in relation to Services that we provide, we may carry out the activities referred to in this Privacy Notice in our capacity as a data processor acting on behalf of our clients. We have made this distinction clear in the Privacy Notice.
5. HOW TO CONTACT US
If you have any questions about this Privacy Notice or want to exercise your rights as a data subject set out in this Privacy Notice, you can contact us using the following methods:
General Contact in the EEA | Ann Coyne Finance Director 15 Fitzwilliam Quay Dublin 4 Ireland Email: [email protected] |
Contact at our corporate headquarters | General Counsel FleishmanHillard 200 No. Broadway St. Louis, Missouri 63102 Email: [email protected] |
6. TYPE OF PERSONAL DATA WE COLLECT/PROCESS
When we talk about personal data we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them, such as their physical appearance. Categories of personal data we may collect and process about you include:
Identity Data | First name; last name |
Contact Data | Physical address, email address, telephone number; social media handle |
Applicant Data | Information for hiring talent and human resources (e.g. work eligibility status, financial account information, government-Issued Identification Information); dietary requirements any other personal data that you may provide in advance of/during your supply of services to us. |
Image Data | Photos; video recordings. |
Financial Data | Financial Data Bank account details; partial payment card details. |
Transaction Data | Details about payments made between you and us; details of services purchased from us] |
Profile Data | Date of birth; gender; country; nationality; CVs, work experience; information about your employment or education history; Interests and preferences; contact preferences; whether you have participated in any promotions or competitions; feedback and survey responses; the content of any messaging you send using any Enquiry Form on the Site. |
Behavioural Data | Data relating to your browsing activity, obtained through the use of cookies, pixel tags and other similar technologies; information about when your current or previous sessions started; details about any services you viewed or purchased through the Site. |
Technical Data | IP address; browser type and operating system; geolocation, to ensure we’re showing you the correct notices and information; any other unique numbers assigned to a device. |
Marketing and Communications Data | Marketing preferences; service communication preferences. |
Publicly Available Data | Information about articles (or similar) that you may have published; Information about your interests or affiliations or publicly stated positions on political matter, corporate matters and similar. |
For more information about the personal data we collect please refer to section “HOW WE USE PERSONAL DATA” below.
7. HOW WE COLLECT PERSONAL DATA
We may collect and receive your personal data using different methods:
Personal data you provide to us | You may give us your personal data directly, for example, when you contact us with enquiries, complete forms on our Site or participate in a survey, subscribe to receive our marketing communications or provide feedback to us, provide services to us or otherwise through your interactions with us. |
Personal data we collect from using cookies and other similar technologies | When you access and use our Site, we will collect certain Behavioural and Technical Data. We collect this personal data by using cookies and other similar technologies (see the “Website insight and analysis” section below). |
Personal data received from third parties | We may receive personal data about you from third parties. For example, we may receive your contact details from an industry contact or our client or we may receive your CV or resume from your agent or recruitment service provider or we may receive information about your dietary requirements from your agent or our hospitality provider. Third parties may also include analytics providers, data brokers, third party directories and third parties that provide technical services to us so that we can provide our Site and our Services. |
Publicly available personal data | From time to time we may collect personal data about you (including your Identity Data, Contact Data or Publicly Available Data) that is contained in publicly available sources (including open source data sets) or media reports or that you or a third party may otherwise make publicly available (for example through speeches at events or publishing articles or other news stories or posts on social media platforms). |
8. WHO WE COLLECT PERSONAL DATA ABOUT
Site visitors | We will collect and process your personal data in connection with your interaction with us and our Site. |
People who contact us with enquiries | If you contact us with an enquiry through our Site, submit a complaint or provide any feedback to us in our surveys and feedback forms, we will collect and process your personal data in connection with your interaction with us and our Site. |
Client personnel | We may collect and process your personal data in connection with the supply of services to you and/or your organization. |
Talent | If you supply services and/or content to us and/or work with us to provide services to our client (including featuring in content we produce), we may collect or process your personal data, such as your Identity Data, Contact Data, Financial Data, CVs in connection with such supply of services and/or content to us and our clients. |
Partner/supplier personnel | If you (or your organisation) supply products or services to us (or our clients) or otherwise partner with us, we may collect and process your personal data in connection with our receipt of those products and services and/or partnership. This may include personal data included in any email or telephone communications or recorded on any document relating to an order for the products or services, such as your Contact Data. |
Visitors to our offices, studios, production sites | If you attend one of our physical offices or other locations, we may process personal data that you volunteer in connection with your visit and any enquiries you make. For example, you may volunteer personal data when signing in as a guest, or when you register for and access our guest Wi-Fi network at our premises. CCTV footage may also be collected for security purposes. |
Event attendees | If you attend one of our events, we will process personal data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other documents relating to the event. |
Job applicants | If you apply for a job with us, whether through the Site or otherwise, we will collect and process your personal data in connection with your application. |
Members of the public | We may process your data in connection with the provision of the Services to our clients. |
9. HOW WE USE PERSONAL DATA
A. OPERATION OF SITE, PROVISION OF SERVICES AND MARKETING
I. Operation of Site
If you browse our Site
When you browse our Site, we collect and process Behavioural Data and Technical Data to help us understand how you are using and navigating our Site. We do this so that we can better understand which parts of our Site are more or less popular and improve the structure and navigation of our Site.
Our legal basis for processing
It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you for the Services, or it is in our legitimate interest to use personal data in such a way to ensure that we provide access to our Site in a secure and effective way and so that we can make improvements to our Site.
Website insight and analysis
We and our third-party partners use cookies, web beacons, pixel tags and other similar technologies (which we generically refer to as “Cookies”) to collect data from the devices that you use to access our Site. The data that is collected includes Behavioural Data and Technical Data, and certain Profile Data. Please see our Cookie Notice for further information, including details of our third-party partners.
We and our third-party partners use this data to analyse how you use our Site and our Services and the effectiveness of our Site and Services, including:
- to analyse how you use, and the effectiveness of, our Site and Services;
- to count users who have visited our Site and collect other types of information, including insights about visitor browsing habits, which helps us to improve our Site and Services;
- to measure the effectiveness of our content;
- to learn what parts of our Site are most attractive to our users, which parts of our Site are the most interesting and what kind of features and functionalities our visitors like to see;
- to help us understand the type of marketing content that is most likely to appeal to our visitors and customers.
Our legal basis for processing
Where your data is collected through the use of non-essential cookies, we rely on consent to collect your personal data and for the onward processing purpose. Please see our Cookie Policy for further details.
In certain circumstances, we may rely on another lawful basis when we use your personal data collected via the use of cookies. For example, where we use personal data collected through the use of analytics cookies to analyse how you use our Site, it is in our legitimate interest to use your personal data in such a way to improve our Site and Services.
If you link to social media sites and interact with our social media pages
If you click on one of the social media links on our Site or otherwise interact with our social media pages such as on Facebook or Instagram (including interacting with any ‘like’ or similar embedded features on our Site), we and the relevant social media platform may receive information relating to such interaction and may share your personal data in connection with this purpose. Where that data is collected through your use of our Site, the data may include certain Behavioural Data and Technical Data. For more information about how we use this personal data, please see the ‘Website insight and analysis’ section.
The relevant social media platform may also be a controller in respect of the personal data that is collected via your use of our social media pages and may use that personal data for additional purposes. For details of how the relevant social media platform uses your personal data, please see the privacy notice of the relevant social media platform.
Our legal basis for processing
It is in our legitimate interest to use personal data in the ways described above to ensure that we provide the Site in an effective way and to promote our Site via social media.
II. Provision of our Services
Client administration.
We may collect personal data about our client and potential client contacts to enable us to respond to client requests, to administer client accounts with us, to conduct credit checks (if permitted by applicable law), and to verify and carry out financial transactions for payments made to us. The data that is processed includes Identity Data and Contact Data, and certain Transaction Data.
Our legal basis for processing
It is in our legitimate interests (and those of our clients) to process personal data in this way to ensure we provide the Services requested by our clients in an effective and efficient way.
Media and informational inquiries.
We may collect personal data about journalists, client contacts or industry contacts for interviews requests, for media questions, or requests for information about FleishmanHillard. We may also provide individuals with the opportunity to sign up for newsletters or to receive copies of blogs and other information that we make available. Where an individual signs up to receive such information, Contact Data may be requested in each case, together with details of other personal data that is relevant to these inquiries. This information is used in order to enable us to respond to individual requests or media requests.
Our legal basis for processing
It is in our legitimate interests (and those of our clients) to process personal data in this way to ensure we provide the services requested by our clients in an effective and efficient way and that we provide the right information to those who request it. Please note where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
Market research and focus groups.
As part of our Service to our clients, we may collect an individual’s data including Identity Data, Contact Data, Profile Data, Image Data, records of communications, health data, and opinion data for the purposes of carrying out market research through focus groups, interviews and user testing. We may do this on behalf of our clients or for our own purpose.
Our legal basis for processing
It is in our legitimate interests (and those of our clients) to process personal data in this way to ensure that we provide the Services requested by our clients in an effective and efficient way. Where we process special category data that was collected from an individual directly in connection with this purpose, we will only do so with the individual’s explicit consent. Where we obtain this information from publicly available sources, we will rely on the fact that the individual made such information manifestly public. Please note where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
Media monitoring.
As part of our service to our clients, we may monitor media sites (including social media sites) and collect information about individuals (including Identity Data, Contact Data, Profile Data and Publicly Available Data) from these sites directly or using a third party social listening provider including their opinions on how a particular client campaign was received or a client offering or on a topic that is relevant to our client more generally.
Our legal basis for processing
It is in our legitimate interests (and those of our clients) to process personal data in this way to ensure we provide the Services requested by our clients in an effective and efficient way. Where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
Campaign reporting.
As part of our Service to our clients, we may collect information about individuals through third party providers or directly from the individual or through social media or other media outlets such as their Contact Data, Publicly Available Data and opinions on how a particular client campaign was received or other feedback they may have about a campaign or a client offering.
Our legal basis for processing
It is in our legitimate interests (and those of our clients) to process personal data in this way to ensure we provide the Services requested by our clients in an effective and efficient way and provide our client’s with insight into the performance of a campaign or client offering. Please note where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
Surveys and voting.
We may collect personal data from individuals (including Identity Data and certain Profile Data) via surveys or voting polls for the purposes of obtaining feedback on our own or our clients’ products and surveys. Participation in such polls is voluntary and individuals will have the opportunity to decide whether or not to disclose personal data. Certain personal data such as Contact Data may be required to register to vote or to take part in a survey. We would only use that information to report the results of the survey or vote.
Our legal basis for processing
It is in our legitimate interests (and those of our clients) to process personal data in this way to provide the Services requested by our clients in an effective and efficient way and to understand how our clients and their products are received in the market. Where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
Promotions.
We may conduct promotions, contests or giveaways on our own behalf (or on behalf of our clients), which may require that individuals register to enter. We collect personal data from individuals (including Identity Data, Contact Data and certain Profile Data) in order to conduct the promotion, contest or giveaway and to deliver prizes or notices. Participation in these events and providing us with personal data is voluntary.
Our legal basis for processing
It is necessary for us to use personal data to perform our obligations in accordance with any contract that we may have (e.g. the promotion terms and conditions) or it is in our legitimate interests (and those of our clients) to process personal data in this way in order to enable individuals to participate in the promotion, contest or giveaway or we may do so in order to perform an obligation owed to individual. Where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
Industry Mapping.
We collect, and maintain data bases containing, information about journalists, talent, social media influencers, social media users and other professionals in the public relations, news or media industry collected by us or by our trusted third party media analytics service providers. Such information may include an individual Identity Data, Contact Data, professional interests and affiliations. This information may be information that is voluntarily supplied to us by those individuals through our Site or in other situations (such as public speaking events), or information that is public or available in third party databases or via third party content platforms (including social media platforms). Further we may collect and/or review other publicly available news stories and other journalistic content including content made available through public news sites and social media sites to understand what people are saying about us and our clients. We use this Publicly Available Data to provide our Services to our clients including ensuring we and our clients are fully up to speed on public opinion in any particular area and are fully briefed when it comes to dealing with the press. We may also use this information to contact those individuals to discuss our clients’ goods and services. We may also use this information for our own internal administrative and promotional purposes.
Our legal basis for processing
It is in our legitimate interests (or those of our client) to process personal data in this way so that we can provide the Services requested by our clients in an effective and efficient way. Where the personal data collected is considered special personal data, we rely on the fact that the personal data has been manifestly made public by individual in order to process their personal data. Where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
Social media.
We may collect or process individuals’ personal data (Identity Data, Contact Data and certain Profile Data and Publicly Available Data) who engage with us through our social media channels (including by visiting our social media pages or otherwise communicating with us via social media). We may also operate our client’s social media pages, accounts or channels acting on their behalf.
Our legal basis for processing
It is in our legitimate interests to process personal data in this way so that we can market ourselves and engage with the public. Where we carry out this activity on behalf of our clients as a data processor we do not require a legal basis for such processing.
We will only share personal data with the third-party providers of the social platforms, so that we can advertise our Services whilst the individual is using those social media platforms, where they have provided their consent.
Interactive areas and fan pages.
We may provide interactive areas, such as message boards, fan pages, chat rooms or other forums or other closed communities. Participation in these areas by users is voluntary. We may provide these interactive areas (including fan pages) in conjunction with third parties such as Facebook or other social media platforms. Although we discourage individuals from submitting any information that may identify them personally when participating in these areas, we may inevitably process their personal data in connection with these interactive areas.
Our legal basis for processing
To the extent we do process personal data in connection with this purpose, it is in our legitimate interests to do so to help us understand industry issues, share content and generally provide services to our client and users. Where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
Events.
From time to time, we may organise and host road shows and other industry events to promote our Services or on behalf of clients. For this purpose we may process data including Identity Data and Contact Data (including email address, postal address and telephone number) to communicate with them about such events where they have specifically requested information about such events or where we have another lawful basis for sending that information to them.
If you attend one of our events, we may use your Identity Data and Contact Data to record your attendance at the event and for related record-keeping purposes and, if relevant, we may collect and process certain Profile Data including any dietary or other requirements you may have. You may also feature in photographs taken at our events and such photographs may appear in publications we send to our clients and/or publish on our Site, in print or other media.
Our legal basis for processing
It is necessary for us to use personal data in this way to perform our obligations in accordance with any contract that we may have with the individual, or it is in our or our client’s legitimate interest to use personal data in such a way to ensure that we provide our Services in an effective and efficient way. If we specifically ask your permission to use your photographs, quotes, testimonials or other content, then our processing of such personal data will be based on consent. Where we put on events solely at the specific request of our clients we do so in our capacity as our client’s data processor and therefore do not require a legal basis to process personal data.
Talent databases.
As part of our Services to clients, we maintain talent databases which includes Identity Data, Contact Data, and certain Profile Data, and personal preferences of individuals we may use for a particular campaign. We use this information for the purpose of selecting talent for a particular campaign and working with that talent. We may obtain this information directly from the individual or via third party recruiters or agents or publicly available sources.
Our legal basis for processing
It is in our legitimate interests (or those of our client) to process talent personal data in this way to enable us to provide our Services. Where we process special data in connection with this purpose that was collected from you directly, we will only do so with your explicit consent. Where we obtain this information from publicly available sources, we will rely on the fact that the individual made such information manifestly public. Where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
Public affairs.
As part of our Service to our clients, we may collect an individual’s personal data including Identity Data, Contact Data, Profile Data, Image Data, and Publicly Available Data, records of communications, and opinion data for the purposes of providing our public affairs services.
Our legal basis for processing
It is in our legitimate interests (and those of our clients) to process personal data in this way in order to provide the Services requested by our clients. Please note where we do this on behalf of our clients as a data processor we do not require a legal basis for such processing.
III. Marketing
Marketing Communications.
We may carry out marketing activities using an individual’s Identity Data, Contact Data and Marketing and Communications. In particular, we may use certain Profile Data to form a view on what we think the individual may want or need, or what may be of interest to the individual. We may use that information to provide individuals with marketing information about our events and services we feel may be of interest. We may also provide individuals with information about media and public relations events.
Our legal basis for processing
It is in our legitimate interest to use your personal data in this way to ensure the promotion of our services is tailored and/or appealing to you and/or the organisation you work for. We rely on our legitimate interest to process personal data in this way for marketing purposes (except where consent is required by local law in which case we will obtain consent).
B. BUSINESS ADMINISTRATION, FINANCIAL AND LEGAL
Receipt of services.
If we or our clients have engaged an organisation to provide us or our client with Services (for example, IT support or financial advice), we will collect and process your personal data (including Contact and Identity Data) if you are a contact within the relevant organisation in order to manage our relationship or our clients’ with the organization, to receive Services from the organisation and, where relevant, to provide our Services to others including our clients.
Our legal basis for processing
It is necessary for us to use personal data in this way to perform our obligations in accordance with any contract that we may have with the organisation or it is in our legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with the organisation and are able to provide our services to others in an effective way. Where we do this on behalf of our clients as a data processor, we do not require a legal basis for such processing.
Recruitment.
If individuals apply for a job with us or otherwise express an interest in working for us, we will collect contact details and CV or resume information from the individual. We use such personal data for the following purposes: a) to assess the individual’s suitability for any position for which they applied (or future positions for which we think the individual may be suitable) including employment or freelancer positions, summer placements or internships and also any business support or services role whether such application has been received by us online, via email or by hard copy or in person application; b) to take any steps necessary to enter into any contract of employment (or otherwise) with the individual; c) to comply with any regulatory or legal obligations in relation to any such application; and d) to review our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation.
Our legal basis for processing
Where we use personal data in connection with recruitment and talent management it will be in connection with us entering into a legal contract with them or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment and talent management decisions for FleishmanHillard or it is our legal obligation to use such personal data to comply with any legal obligations imposed upon us. We will not process any special data except where we are able to do so under applicable legislation or with the individual’s explicit consent.
Visiting our premises, studios or production sites.
If an individual visits any of our premises, studios and/or production sites we may collect personal data including Identity Data or Contact Data as part of our sign in process. We may also capture Image Data on our surveillance camera or CCTV.
If an individual registers as a guest user for free Wi-Fi access at any of our premises, we may collect personal data including Identity and Contact Data as part of the registration process. We may also process Behavioural and Technical Data in connection with any use of this free Wi-Fi service for monitoring and record-keeping purposes, including to identify the source of service requests, optimise and maintain performance of the Wi-Fi service, and investigate and prevent system abuse.
Our legal basis for processing
It is in our legitimate interests to process personal data in this way for security reasons.
Where we process personal data in connection with providing access to our free Wi-Fi service, it is in our legitimate interests to process personal data in this way to provide the service. Where we monitor use of our free Wi-Fi service to ensure proper use of the system, we process personal data for monitoring and record-keeping purposes based on guest user consent.
Business administration and legal compliance.
We may use an individual’s personal data (including Identity Data, Contact Data, Financial Data, Transaction Data, Publicly Available Data) for: the following business administration and legal compliance purposes:
- to facilitate the operation or effective management of our group of businesses;
- for financial, accounting and tax purposes;
- to comply with our legal obligations;
- to enforce or protect our legal rights;
- to deal with complaints;
- to protect the rights of third parties (including where health or security of an individual is endangered (e.g. a fire); and
- in connection with a business transition or sale such as a merger, re-organisation, acquisition by another company, or sale of all or a portion of our assets.
Our legal basis for processing
Where we use personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we will rely on our obligation to comply with law, including any court order, to process such personal data. We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with the individual’s explicit consent.
10. IF YOU FAIL TO PROVIDE YOUR PERSONAL DATA
Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Services you have requested from us or to process an application for employment with us. In this case, we may have to cancel your application or the provision of the relevant Services to you, in which case we will notify you.
11. SHARING YOUR PERSONAL DATA
We only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with our data protection, confidentiality and security standards and obligations.
We are part of the Omnicom Group of marketing and PR firms and (subject to the above) may share data within Omnicom Group companies, Omnicom Networks, or with our partner agencies. For more information about the Omnicom Group, please see here: Advertising and Marketing Agencies | Omnicom Group
Further (again subject to the above) we may share your personal data with third parties, as set out in the table below:
Our clients | We may share personal data with our clients for the purposes of providing them with Services. |
Our specialist suppliers/partners | We use various specialist suppliers and/or partners in order to provide our services including fulfilment of requests for information, receiving and sending communications, updating marketing lists, analysing data. |
Third-party IT suppliers | We may share personal data with third parties who support us in providing our Site and help provide, run, and manage our internal IT systems. Such third parties may also include, for example, providers of information technology, cloud-based software-as-a-service providers, identity management, website design, hosting and management, data analysis, data back-up, security, and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them. We may also share your personal data with third-party service providers to assist us with insight analytics. These providers are described in our Cookie Notice. |
Payment providers and banks | We may share personal data with third parties who assist us with our invoicing and/or making/receiving payments. |
Third-party post/email marketing and CRM specialists | We may share personal data with specialist suppliers who assist us in managing our marketing database and sending out email marketing communications. |
Recruitment agencies and related organisations | We may share personal data with external recruiters, third-party providers that undertake background checks on our behalf and other entities within our group of companies for recruitment purposes. |
Auditors, lawyers, accountants and other professional advisers | We may share personal data with professional services firms who advise and assist us in relation to the lawful and effective management of our organisation/group of businesses and in relation to any disputes we may become involved in. |
Law enforcement or other government and regulatory agencies and bodies | We may share personal data with law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation. |
Other third parties | Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation. |
We will not sell your personal data to other companies and we will not share it with other companies for them to use without your consent, except in the circumstances listed above or in connection with the sale or merger of FleishmanHillard or the division or office responsible for the services.
Please note, the types of third parties we share your personal data with set out above is non-exhaustive and there may be circumstances where we need to share personal information with other third parties in order to operate our Site and to provide our Services. We will notify you of any other circumstances where we would share your information on a case by case basis.
12. DATA TRANSFERS OUTSIDE THE UK and the EEA
Transfers by us – where we disclose personal data
We may transmit personal data outside the UK and the EEA to certain categories of third parties (as listed above in “SHARING YOUR PERSONAL DATA”) and more specifically to: (1) our headquarters in St. Louis, Missouri, United States (“US”); (2) our different offices in the US and other locations globally; (3) our affiliated entities in the US or in other locations globally.
Non-UK/EEA countries do not have the same data protection laws as the UK and the EEA. In particular, non-UK/EEA countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data.
However, when transferring your personal data outside the UK or EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented: (1) we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government or the European Commission; (2) where we use certain service providers, we may use specific contracts approved by the UK Government or the European Commission referred to as the “Standard Contractual Clauses” or “SCCs” which give personal data the same protection it has in the UK and EU; or (3) other appropriate safeguards which ensure an adequate level of protection for the personal data, for example, binding corporate rules.
To find out more about the SCCs we use, please see: Standard contractual clauses for international transfers | European Commission (europa.eu) or contact us using the details above in “HOW TO CONTACT US”.
In addition, where we disclose personal data that we process in connection with our participation in the EU-U.S. Data Privacy Framework and the UK Extension to that framework, we remain liable under those frameworks in relation to our onward transfers of personal data to third parties, unless we can show that we are not responsible for the event giving rise to the damage.
Transfers to us – where we receive personal data
As Fleishman Hillard Inc., one of our operating entities, is located in the United States, any data that you provide directly to us, or that is received from third parties, may be stored in the US. In addition, it may be transferred by us to other countries (as described above).
Fleishman Hillard Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Fleishman Hillard Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
If there is any conflict between the terms in this privacy notice and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
13. OBTAINING YOUR CONSENT
Where our use of your personal data requires your consent, you can provide such consent:
- at the time that we collect your personal data following the instructions provided; or
- by informing us by e-mail, post or phone using the contact details set out in this Policy.
Please note that if you specifically consent to additional uses of your personal data, we may use your personal data in a manner consistent with that consent.
14. CONFIDENTIALITY AND SECURITY OF YOUR PERSONAL DATA
We are committed to keeping the personal data you provide to us secure and we have implemented information security policies, rules and technical measures to protect the personal data that we have under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss.
In addition all our employees and data processors (i.e. those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of the personal data of all users of our Site and those who purchase our Services.
15. YOUR DATA PROTECTION RIGHTS
You have the following rights in relation to the personal data we hold about you under certain circumstances:
- To obtain the confirmation that we process personal data about you, to access and obtain copies of the information, as well as information relating to the processing we carry out.
- To request your personal data be corrected where appropriate.
- If personal data we hold about you is inaccurate or incomplete, you may request that data be amended. However, please be aware that it is every person’s responsibility to provide us with accurate personal data and to inform us of any changes (e.g. new home address or change of name).
- To request your personal data be deleted, where appropriate.
- If you demonstrate that the purpose for which the personal data is being processed is no longer legal or appropriate, the data will be deleted, unless we can demonstrate that we are required to retain the personal data by applicable law or otherwise.
- If we have shared your personal data with others, we will let them know about the deletion where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal information with so that you can contact them directly.
- To request that we restrict the processing of your personal data in some circumstances, such as where you contest the accuracy of the personal data, while we investigate your concern.
- It will not prevent us from storing your personal information.
- We will tell you before we lift any restriction.
- If we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so.
- If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal information with so that you can contact them directly
- Where processing is based on your consent, to receive your personal data in a commonly used electronic format, or ask that we move your personal data in that format to another provider, where your request relates to the personal data that you gave us directly and where technically possible.
- To object to your personal data being processed where we are relying on ours or a third party’s legitimate interest to do so or for the purpose of direct marketing.
- To withdraw your consent at any time when processing relies upon consent.
Data Subject Rights
Data subjects may exercise these rights verbally or in writing using our contact information provided in the section above entitled “HOW TO CONTACT US”. We will endeavour to promptly respond to your requests. Where you ask us to provide a copy of your personal data we are legally obliged to respond within one month of such request. If your request is denied, we will inform you about the reasons for denial.
Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal data from you than we currently have.
Lodging complaints
In addition, you may have the right to lodge certain complaints in relation to our processing of your personal data with regulators in your jurisdiction.
If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, we encourage you to first contact us using our contact information provided in the “HOW TO CONTACT US” section.
If the GDPR applies, you can report your concerns to the following organisations:
European Economic Area | You can find a list of supervisory authorities and their contact details for the EEA at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm |
United Kingdom | The Information Commissioner’s Office (“ICO”) is the supervisory authority in the United Kingdom. Contact details for the ICO can be found at https://ico.org.uk. |
United States of America | In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Fleishman Hillard Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you. Following the dispute resolution process, JAMS or you may refer the matter to the U.S. Federal Trade Commission, which has investigatory and enforcement powers over us. Under certain circumstances, you also may be able to invoke binding arbitration to address complaints about our compliance with DPF Principles. |
16. OPT OUT AND UNWANTED COMMUNICATIONS
To opt-out of any future promotional or marketing communications or any other commercial communications from us, you should send a request to us at the contact information in the section above entitled “HOW TO CONTACT US”.
17. THIRD PARTY LINKS AND SERVICES
This Site contains links to third party websites and services. Please remember that when you use a link to go from our Site to another website or you request a service from a third party, this Privacy Notice no longer applies to these third-party websites and third-party service providers unless we are acting as joint controllers in respect of your personal data with such third party.
Your browsing and interaction on any other websites, or your dealings with any other third-party service provider, is subject to that website’s or third-party service provider’s own rules and policies. We do not monitor, control, or endorse the privacy practices of any third parties.
This Site may integrate with social networking services. You understand that we do not control such services and are not liable for the manner in which they operate. While we may provide you with the ability to use such services in connection with our Site, we are doing so merely as an accommodation and, like you, are relying upon those third-party services to operate properly and fairly.
18. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We retain personal data only for as long as is necessary for the purposes described in this Privacy Notice, after which it is deleted from our systems.
Regarding personal data we have processed in connection with the supply of our services to clients, we may retain personal data relevant to our services for up to six pars from the date of supply and in compliance with our obligations under the GDPR (or similar legislation around the world). We may then destroy such files without further notice or liability.
Regarding any other personal data we have processed, we typically retain relevant personal data for up to three years from the date of our last interaction with the relevant individual and in compliance with our obligations under the GDPR (or similar legislation around the world) although we may keep it for longer if we have a justifiable reason to do so.
If any personal data is only useful for a short period (e.g. for a specific event or marketing campaign or in relation to recruitment), we will delete it at the end of that period. Please note that if you are an unsuccessful candidate we may keep your information for a short period.
If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list so that we know not to send you further marketing communications in the future.
19. PERSONAL DATA OF CHILDREN
Our Site is not intended for use by minors (individuals under the age of 18) and we do not knowingly collect personal data of minors. However, due to the nature of our organisation and the Services we provide, we may from time to time collect and process personal data relating to minors. If we do collect personal data of minors, we will comply with all applicable laws and regulations relating to the processing of personal data of minors.