Analysis Group Ltd. Privacy Notice
(Effective 1 January 2021)
About this document
Any processing of personal data in the context of your using of the website accessible at www.analysisgroup.com is subject to the Privacy Statement set out on the website (and accessible via: https://www.analysisgroup.com/policy/).
How we collect your personal data
We may collect your personal data in a number of ways. This includes data we receive directly from you, for example:
- when you interact with us before becoming a client or service provider, for example when you express your interest in our services or offer your services to us;
- in connection with the performance of a contract we have concluded with you;
- when you communicate with us (e.g., by telephone, email), for example in order to make enquiries or raise concerns;
- when you provide personal data in the context of events;
- when you sign up to receive marketing communications.
We may also receive personal data from third parties, for example in order to carry out required due diligence checks on you or your organisation.
Please note that where you do not provide personal data to us, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.
If you communicate with us via email, we may also collect personal data automatically as explained below.
The types of personal data we collect
We may collect the following types of personal data about you (and anyone at your organisation on whom we need to carry out due diligence checks, for example):
- your name, and contact information such as address, email address and telephone number;
- information on your job role, such as your position, title and function;
- billing and financial information (including bank routing number, bank account numbers and tax ID – used for receipt or payment of funds);
- information relating to our contractual relationship.
When communicating with us via email, we may also automatically collect personal data such as information on whether or not you open the email or use a link contained in the email, and how you otherwise interact with the message we sent. When collecting data automatically, we typically cooperate with third party providers and use web beacons in our emails. These are small graphics that are often transparent and can therefore not be seen. They help us understand how you interact with our email. You may set your email options to prevent the automatic downloading of images that may contain technologies that allow us to learn whether you have accessed our email and performed certain functions with it. If you access our website via a link contained within a marketing email received from us, additional information may be collected by us or our third party partners, such as your IP address.
The basis for processing your personal data and how we use it
We may process your personal data because it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract.
We may process your personal data because it is necessary for our or a third party’s legitimate interests. Our “legitimate interests” include our commercial interests in operating our business (and the business of Analysis Group more generally) in a client focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.
In this respect, we may use your personal data for the following:
- to monitor, review and evaluate the performance and effectiveness of our services and our business, including to measure the success of our marketing measures and identify usage trends;
- to seek advice on our rights and obligations, such as where we require our own legal advice;
- sharing our knowledge and promoting our services and those of other Analysis Group member companies (for example, providing you with briefings and other publications, details of events, or information about our other services which may be of interest to you - by letter, telephone, email and other electronic means) and to personalize any such communication. If you do not wish to receive such information, please let us know now or at any time in the future by contacting us as set forth below, and your details will be removed from our mailing list(s). If you receive such information via email you may use the unsubscribe link contained in each such email to unsubscribe from receiving further marketing emails;
- it is necessary for the establishment, exercise or defense of legal claims (for example, to protect and defend our rights or property, and/or the rights, personal safety or property of our clients, or of third parties);
- administrative purposes, including administering finance systems and creating financial statements;
- for fraud detection and prevention;
- carrying out audits;
- addressing complaints, feedback and enquiries.
We may process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data in particular for the following:
- to meet our compliance and regulatory obligations, such as tax reporting requirements;
- in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.
We may process your personal data to the extent you consent.
Sharing information with others
- other Analysis Group member companies in connection with their provision of administrative support, to support our sales and marketing efforts, and when servicing our clients or interacting with service providers.
- our agents and contractors where there is a legitimate reason for their receiving the information, including:
- third party consultants and experts providing services to us or directly engaged by you;
- law firms and other service providers who are advising you;
- providers of outsourced services to us (for example, IT vendors and cloud storage providers);
Any such agents or contractors will by appropriate data processing agreements be bound to only process personal data on our behalf and under our instructions, unless such agents or contractors act as independent controllers (e.g., in the case we seek advice from lawyers and tax consultants and request the services of auditors).
- with a third party in a business transaction, in the event that all or part of Analysis Group is sold, merged, dissolved, acquired, or involved in a similar transaction which involves the transfer of client files.
- third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of authorities; (b) to enforce our legal claims or to protect the security and/or integrity of our services; and/or (c) to exercise or protect our rights and property or the rights, property and personal safety of our employees, visitors or others.
- To any other third party to the extent you consent thereto.
International data transfers
Some of the personal data we process about you may be transferred to Analysis Group SAS in France or Analysis Group srl in Belgium; in that case, your information will be maintained within the European Economic Area (“EEA”).
In addition, some of the personal data we process about you may be transferred to, and stored at, a destination outside of the UK or EEA, for example where it is processed by staff operating outside the UK or EEA who work for us, or where personal data is processed by one of our suppliers or vendors who is based outside the UK or EEA or who uses storage facilities outside the UK or EEA.
In the cases where a transfer of data to a location outside the UK or EEA takes place, this could mean that the data is transferred to a country with a lower level of protection of your personal data. Thus, we will only transfer your personal data on one of the following bases to ensure that your personal data is sufficiently protected:
- where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law (for example, standard contractual clauses adopted by the European Commission). In particular, Analysis Group SAS and Analysis Group srl have standard contractual clauses in place with us, and we have standard contractual clauses in place between us and our affiliate Analysis Group, Inc. in the United States;
- a European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection. In particular, data transfers from us to our affiliate Groupe d’Analyse Ltée in Canada are covered by the European Commission’s adequacy finding on the Canadian Personal Information Protection and Electronic Documents Act; or
- there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).
If you would like to obtain further information on the transfer of your personal data and the safeguards we have implemented to protect your personal data, please contact us using the contact details set out below.
How long your information is kept
Subject to our legal and regulatory obligations as well as any other notices that we may provide to you, we may retain your personal data for a reasonable period after your association with us has come to an end and/or if the purpose is fulfilled for which the data has been collected. However, some personal data may be retained for longer, for example where we need to retain it due to legal and regulatory obligations (e.g., to comply with tax and commercial law). In that case we will delete your personal data upon expiry of the applicable retention obligation.
If you receive promotional emails and unsubscribe from receiving those emails, we will delete the personal data associated with those emails. However, we will store your email address in a black list to ensure that you will not receive any further promotional emails.
Under the DPA and/or GDPR you have the following rights:
- to obtain access to, and copies of, the personal data that we hold about you;
- to require us to correct and complete the personal data we hold about you if it is incorrect or incomplete;
- to require us to erase your personal data under certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed;
- to require us to restrict our data processing activities;
- to transfer or have your personal data transferred easily from us to another organization (right to data portability);
- TO OBJECT to any processing based on our legitimate interests where there are grounds relating to your particular situation. You can object to marketing activities for any reason whatsoever. If you want to object to receiving marketing emails, you can use the unsubscribe link contained in each such email to unsubscribe from receiving further marketing emails; where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal. If you wish to withdraw it, please contact us using the contact details set out below. Please also note that where our processing of your personal data relies on your consent and you withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services;
- to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
- to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
If you wish to exercise one of these rights, please contact us using the contact details set out below.
If you are not satisfied with how we are processing your personal data, you can make a complaint to the Data Protection Authority (DPA). You can find out more information about how to contact your local data protection authority at: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080. However, we encourage you to first reach out to us by using the contact details set out below so that we understand your concerns and can find a solution together.
- by email: AGPrivacy@analysisgroup.com;
- by telephone: (00 1) 617 425 8000;
- or by post: Analysis Group Ltd., ATTN: Data Privacy, 1 Angel Court, London EC2R 7HJ.