ETF Stream Limited (we, us, our), are committed to protecting the data that we hold and use about you and to respecting your privacy.
We are confident that you will find the information that you need set out in this policy, but if you need to know more about the data that we hold or the ways that we use it, you can contact us by email at email@example.com or by post at Legal Team, ETF Stream Limited, 1 Poultry, London, EC2R 8EJ.
This policy covers:
1. About this policy
2. The way that we use your personal data
a. What personal data do we collect?
b. How do we collect personal data?
c. How do we use personal data?
d. How do we share your personal data?
e. Change of purpose
f. Where your personal data may be processed
3. Security and retention of your personal data
4. Your rights and how to contact us
5. Third-party websites
1. About this policy
The “data controller” of your personal data (in other words, the organisation that determines how your data is used) is ETF Stream Limited (company number 10800516) with registered address: 1 Poultry, London, EC2R 8EJ.
2. The way that we use your personal data
A. What personal data do we collect?
“Personal data” is any information that could be used to identify you in some way. The personal data that we collect from or about you may (depending on our relationship with you) include the following:
the company you work for, your job title and your job category;
your business’ VAT number (only in instances where we need to issue you with a tax invoice);
professional demographic information;
your social media handle (in instances where you interact with us on social media such as on Twitter or LinkedIn);
any personal data you give to us in our general communications with you (for example when you make an enquiry via email, interact with us on social media, place a comment or publish an article or other content on our website, participate in one of our polls, or speak to someone from the team over the phone);
information about your device and about your visits to and use of our website (including information about how and when you came to visit our website, how you interacted with the website (page response times, download errors, length of visit to certain pages, page interaction information such as scrolling, click, and mouse-overs) and where you went next (including full URLs and methods used to browse away from the site); and
technical information about the way you access our website including your IP address
used to connect your device to the internet, geographical location, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and device information.
Where you are attending one of our events we may ask you to provide us with your dietary requirements. Where we process this information about you we will only do this with your explicit consent or as otherwise permitted under relevant data protection laws.
By signing up to any of our events you agree the organiser can contact you, including for other related services such as email news (which you will be able to opt out of at any time). You also agree that sponsors for that specific event can receive your details and contact you.
B. How do we collect personal data?
We collect personal data in a variety of ways including:
directly from you: when you voluntarily provide this information to us (for example when you contact us, interact with us on social media, publish content or a comment on an article on our website, or book a place at one of our events);
from other publically available sources: from time to time, we access and store information which is available from public sources including some personal data (for example, we may collect publicly available information about the company or business your work for where we interact with you in a professional capacity);
For more information about the service providers we work with please see section D below;
otherwise through your browser or device or through our servers: certain information is collected by most browsers or automatically through your device, and we also collect your IP address or other device identifier (this enables us to recognise your computer or device when you use the site) via our server log files.
C. How do we use personal data, and what is our justification for doing so?
We use your personal data for a variety of purposes related to the day to day running of our business, producing great content and running relevant events. From a legal perspective, there are various reasons and justifications for doing so and we have set out an explanation of these below.
In order to run our events successfully and ensure the provision of the products and services we offer to you:
◦ to ensure our events run smoothly and successfully, so that we know you are coming and reserve a space for you, so that we can communicate with you in relation to the event, and can meet any dietary requirements you have (where relevant);
◦ to provide you with the information, products and services on our website or that you otherwise request and communicate with you regarding these products and services or respond to your questions and comments;
We use your personal data in this way either because we have a contract with you (for example, if you have bought a ticket to attend an event we will need to process your data to ensure we reserve a space for you) or because it is in our legitimate interests to do so (for example, it is in our interests to ensure that we meet the needs of all our event delegates and ensure everyone has a positive experience at the event) but we will always ensure that your rights are protected.
In order to provide you with your copy of “ETF Insider” and any other reports that you request from us (our Reports)
◦ we will use your personal data to ensure you receive a copy of each new edition of our Reports once they are available;
Depending on our relationship with you we will either rely on your consent to contact you directly in relation to our Reports or we will rely on our legitimate interests as a business. We will always ensure that your rights are protected. You can inform us at any time if you no longer wish to receive this publication.
For marketing purposes, including to measure how effective our marketing it:
◦ to send you our newsletter or other marketing communications relating to our business and our productions which we think may be of interest to you by post, or where you have agreed to it, by email or similar technology;
◦ from time to time to send you materials from third parties whose content, insights, products or services we think may be of interest to you by post, or where you have agreed to it, by email or similar technology. Whilst we may send such materials (including marketing materials) on behalf of those partners, we will not share your personal data with them to contact you directly
◦ to measure the effectiveness of our marketing campaigns and our advertising;
We may rely on your consent to contact you directly by email about our business and any events we are running. In other scenarios, we will rely on our legitimate interests as a business, always ensuring that your rights are protected. You can inform us at any time if you no longer wish to receive marketing communications from us (either about our own services or about the services of third parties or both) by using the unsubscribe links within our marketing communication or by contacting us at any time at the contact details set out above.
For administrative and internal business purposes:
◦ to ensure that content on our website is presented in the best and clearest manner for you and for your device;
◦ to administer our website for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
◦ for our internal business purposes, such as analysing and managing our businesses, audits, enhancing our offering including on our website, and identifying trends. For these purposes, personal data will be aggregated and looked at on a statistical basis;
For security and legal and compliance purposes:
◦ for taxation purposes such as to comply with tax laws;
◦ as part of our efforts to keep our website safe and secure;
◦ to detect or prevent fraud or other illegal activity;
◦ as we believe to be necessary or appropriate in each case in order to comply with laws or legal process (including laws or legal process in other countries); and
◦ to protect our rights or property (or the rights or property of others) and to enforce our rights and pursue available remedies.
In some cases, we will need to use your personal data to fulfil a legal obligation (for example, if we receive a legitimate request from law enforcement agencies), and in other cases (such as the detection of fraud or ensuring the security of the site) we will rely on our legitimate interests as a business to use your data in this way. We will always ensure that your rights are protected.
D. How do we share your personal data?
We will never sell your personal data or give it to anyone else for them to use for their own purposes without making that clear to you, however, we do sometimes still need to share your personal data in various ways, as set out below:
(i) Sharing with organisations providing services to us:
We engage various third parties to provide services to us for specific functions as part of the day to day operations of our business, and this will often mean that we need to share your personal data with them (it is in our legitimate interests to do so, since we may not have the capabilities to provide these services ourselves).
For example here are a few of the third parties we work with:
we use a third party provider to help us efficiently print and distribute our printed publications;
we use the website analytics provider, Google Analytics, to help us understand how our website is used (this information is aggregated and looked at on a statistical basis only). For more information about Google Analytics please read Google’s analytics notice which is available here;
In every case, we will ensure that these third parties are only allowed to use your personal data in order to provide the relevant services to us and not for their own commercial purposes. We require all third parties to take appropriate technical and organisational security measures to protect your personal data and to treat it subject to a duty of confidentiality and in accordance with applicable data protection law.
In rare circumstances we may need to share some data, including personal data with our insurers. We will only pass information to the insurer that it needs to provide adequate insurance for a particular production and will always make sure we use insurers we trust to keep your personal data in the strictest confidence and as required by the law.
(ii) Other scenarios in which we might share your personal data
We may also share your personal data:
with regulators, law enforcement or fraud prevention agencies, as well as our legal advisers, courts, the police and any other authorised law enforcement bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters etc.;
in the event that we consider selling or buying any business or assets, to any prospective sellers or buyers of such business or assets;
in the event of any insolvency situation (e.g. administration or liquidation);
if we, or substantially all of our assets, are acquired by a third party, in which case your personal data will be one of the transferred assets; or
to protect the rights, property or safety of our employees, workers, contractors, event attendees and subscribers, or others. This includes exchanging your personal data with other companies and organisations (including without limitation the local police or other local law enforcement agencies) for the purposes of our employee, worker, contractor and event attendee and subscriber safety, crime prevention, fraud protection and credit risk reduction.
(iv) Sharing data within our group:
We are a part of a group of companies. In rare circumstances we may share your personal data with a member of our group in order to fulfil our contractual obligations to you, or because it is in our legitimate interests to do so (for example, we may share personal data as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data). We will always ensure that your rights are protected.
E. Change of purpose
F. Where your personal data may be processed
Some of the processes involved in our use of your personal data (or the services our third party suppliers provide involving use of your personal data) may require your data to be stored or processed in countries outside of the UK and European Economic Area (the “EEA”). When this occurs we will make sure that we take steps necessary to protect your data as required by applicable laws, including by putting in place adequate contractual safeguards with the recipient (e.g. the European Commission’s standard data protection clauses and UK IDTA Addendum), to ensure the security of your personal data is maintained when it is processed by the third party.
3. Security and retention of your personal data
(i) Security of your personal data:
We take the security of your personal data very seriously and have put in place physical, technical, operational and administrative strategies, controls and measures to help protect your personal data from unauthorised access, use or disclosure as required by law and in accordance with accepted good industry practice. We will always keep these under review to make sure that the measures we have implemented remain appropriate.
In addition, we limit access to your personal data to those employees and other third parties who have a business need to know in order to perform their job duties and responsibilities. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
(ii) Retention of your personal data:
We will retain your personal data for as long as we need it in connection with our relationship with you. This retention period may depend on whether you are visiting our website, making a purchase of any products or services we provide. There may also be circumstances where we need to retain your personal data for longer than our relationship with you in order to comply with applicable laws.
Personal data which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal data where applicable.
In some circumstances, we may anonymise your personal data so that it can no longer be associated with you. In this case, we may retain such information for a longer period without further notice to you.
4. Your rights and how to contact us
It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes so that our records can be updated. We cannot be held responsible for any errors in your personal data if this is caused by a failure by you to notify us of the relevant change.
Data protection law grants you a number of specific rights in respect of your data in addition to the broad and general right to have your data protected. We have set out some information in respect of each of those specific rights, below:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal data (commonly known as the "right to be forgotten"). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party.
Not to be subject to a decision solely based on automated processing. We do not anticipate making decisions about you based solely on automated decision making where that decision would have a significant impact on you. If we ever make a decision about you automatically by a computer or an algorithm without human intervention you can ask us to have that decision reviewed by a human.
5. Third-party websites
Our website may, from time to time, contain links to third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for the ways in which personal data is processed on such websites. Please check the relevant policies before you submit any personal data to these websites
We encourage you to contact us first if you have any queries, comments or concerns about the way we handle your personal data (our details are in the section immediately below). We will try to put things right.
However, if you are not satisfied with our handling of any request by you in relation to your rights or concerns, you also have the right to make a complaint to the Information Commissioner's Office (ICO). You can contact the ICO at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF; 0303 123 1113; or https://ico.org.uk/.