Web Site Privacy Policy

Background

FusionExperience Limited (FusionComply) understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website, www.fusioncomply.com (“Our Site”) and as described in Parts 5 and 6, below, we do not collect personal data about you unless you contact us. Any personal data we may collect will only be used as permitted by law. FusionComply holds personal data for purposes incidental to meeting customer contractual commitments, for the purpose of employment and business associates, for the purpose of limited business-to-business marketing and, online discussion using Our LiveChat service from this web Site.


We do not trade in or exchange personal data in any form.


Please read this Privacy Policy carefully and ensure that you understand it. It relates solely to our public web sites; customer work is carried out under specific terms and conditions which are different to this public facing policy.


All work carried out by our Shielding services are processed either in the United Kingdom, New Zealand, or the United States of America according to customer specific contract arrangements and applicable data privacy laws locally.


Your acceptance of this Privacy Policy is deemed to occur upon your first use of Our Site.


If you do not accept and agree with this Privacy Policy you must stop using Our Site immediately.


1. Information About Us

Our Site is owned and operated by FusionExperience (FusionComply), a Limited Company registered in England under company number 6400683

Data Protection Officer: Kenneth Tombs.

Email address: information.public@fusioncomply.com.

Registered and trading address: International House, St Katherine's Way, Tower Hill, London, E1W 1UN, United Kingdom.

Telephone number: +44 207 084 7460.

We are regulated by the UK ICO (reference: Z1560187 since 2008) and the French CNIL.


2. What Does This Policy Cover?

This Privacy Policy applies only to your use of Our public facing Site(s), which may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.


3. What is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the UK DPA 2018 Act, as ‘any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.


4. What are my rights?

Under the GDPR, you have the following rights, which we will always uphold:


a) The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 10.


b) The right to access the personal data we hold about you. Part 9 will tell you how to do this.


c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 10 to find out more.


d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Part 10 to find out more.


e) The right to restrict (i.e. prevent) the processing of your personal data).


f) The right to object to us using your personal data for any particular purposes.


g) The right to data portability. This means that, if you have provided personal data to us directly, and we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.


h) Rights relating to automated decision-making and profiling. We do not use profiling of personal data in this way.


For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 10.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, after you have spoken with us about it, you have the right to lodge a complaint with the Information Commissioner’s Office.


5. What Personal Data Do You Collect?

Subject to the following, we do not collect any personal data from you. We do not place cookies on your computer or device, nor do we use any other means of data collection.

If you send us an email, we may collect your name, your email address, and any other information which you choose to give us.

This web site uses Google Analytics in an anonymous manner retaining such data for twelve months.

This site does not use cookies for browsing or trackability purposes.

The LiveChat online panel uses programmatic code to forward and track the viewing of content and requests for online discussion. Such records are kept for a calendar month with the details of the correspondent.


6. How Do You Use My Personal Data?

If we do collect any personal data, it will be processed and stored securely, for no longer than is necessary considering the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the GDPR always. For more details on security see Part 7, below.

As stated above, we do not generally collect any personal data. If you contact us and we obtain your personal details from your email, we may use them to respond to your email.

All emails containing your personal data will be deleted no later than thirty working days after any subject access request has been resolved.

You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it – subject to any statutory constraints.

We will not share any of your data with any third parties for any purposes other than storage on an information or email service.


7. How and Where Do You Store My Data?

We will only store your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law. We do not transfer your personal data outside of the EEA. More information is available from the European Commission.


All classes of data security are essential to us and to protect those data, we take the following measures:

• Operate an ISO 27001 Information Systems Management System.

• Have adopted industry best practices for ICT and operational security.

• Use encryption and encrypted networks.

• According to Business Impact Level requirements (BILxxx), undertake technical penetration testing.

• Operate using a high security client-to-client fully encrypted email system (ProtonMail) at BIL4xx plus.


8. Do You Share My Personal Data?

We do not share any of your personal data with any third parties for any purposes, subject to one important exception.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
If any of your personal data is transferred to such a third party as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in Part 7.


9. How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to either the email or postal address shown in Part 10. We will need to verify your identity and location through an agreed mechanism to prevent identity theft or fraud.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive vexatious requests) a fee may be charged to cover our administrative costs in responding.
We expect to respond to your subject access request within ten working days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request.
You will be kept informed of our progress.


10. How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of Kenneth Tombs):

Email address: information.public@fusioncomply.com.

Telephone number: +44 (0) 207 084 7460.

Postal Address: International House, St Katherine's Way, Tower Hill, London, E1W 1UN, United Kingdom.


11. Changes to this Privacy Policy

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.


Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations.


We recommend that you check this page regularly to keep up-to-date. Its is current at May 25th 2018. BS.DAT.PRIV.01 Website Privacy Policy





Additonal Information and Code Of Conduct



More on Our Privacy Policy

Our business is in delivering advice and guidance on data privacy and protecting the information of individuals, combined with other compliance and governance functions.

We take this commitment seriously and have adopted ethics that reflect our business position. Our Policy is straightforward and applied consistently to both online and managed services, if you have any questions about our approach please email us or use our Live Panel on this web site.

Our Policy is now enacted under the new United Kingdom's Data Protection Act 2018, that came into force on May 25th 2018, regarding data privacy and electronic commerce.

This Policy applies to both public information and customer agreements and supports our ISO27001 governance internally.

Our policies apply to all media methods be it printed, to desktop or mobile devices more widely, including Apps published on major App stores such as operated by Google Play, Microsoft or Apple.

For other FusionExperience policies, please refer to the main web site at www.fusion-experience.com

Important note:

This Web Site is intended for commercial use only.

You should assume that everything you see or read on the Site is copyrighted unless otherwise noted and may not be used without the permission of ‘FusionComply.’

'FusionComply' does not warrant or represent that your use of materials provided through or on this web Site will not infringe rights of third parties.

We are not responsible for any 3rd party policies, conditions or practices enforced by App store providers when downloading our App products or from other third parties.

You agree to respect our web Site and customer portals and not to use them for any immoral, criminal or disruptive purposes in any manner.


Data Processor and Controller

FusionComply operates as a data controller for all internal functions such as staffing and statutory purposes.

Where on occasions FusionComply operates as a Data Processor, cleansing documents or e-mails on the MailKeeper archive, for all customer purposes we would normally refer any subject access requests to the data controller.

We are not responsible for any Data Controllers' policies, practices, conditions or statutory compliance, though we maintain legal agreements that set out our expectations in terms of cooperation and compliance.

There are customer projects that require the importation and exportation of personal data to organisations operating within national legal regimes that have no EU equivalence status. In such an event we operate with legal agreements or will put in place Binding agreements through the Information Commissioner's Office in the United Kingdom.


Collection

FusionComply only collects information that is necessary for our governance and compliance services and to use it in a way you would reasonably expect. In collecting and using this information we are committed to protecting your personal privacy.


Who will see or have access to your personal information?

Unless we are required to provide your personal information to others by law, by court order or to investigate suspected fraud or other unlawful activity, your information will only be seen or used by persons working in or for FusionComply.

These people may include our customer service staff, sales agents, sub-contractors, accountants, lawyers, financial planners, paralegals, underwriters, risk assessors, claims managers, investigators, statisticians, reinsurers and professional advisers.

Our information systems and files are kept secured from unauthorised access and our staff and contracted agents and service providers have been informed contractually of the importance we place on protecting your privacy and their role in helping us to do this. Some information is kept for a number of years to comply with legal requirements.


Why do we need to collect this information?

We need this information to provide our governance and compliance products or services. If you have chosen, we will send you details of related products and services or their updates. At any time, if you no longer wish to receive this additional marketing material let us know, and we will remove your details from our direct marketing listings. We will respect any request ‘to be forgotten’ made, subject to any customer contractual arrangements in affect with you at the time.


Jurisdiction and applicable law

We have nominated the United Kingdom Information Commissioner's Office as our General Data Protection Regulations Supervising Authority. We also report to other EU Supervisory Authorities from time to time on behalf of customers.

The English and Welsh Courts have exclusive jurisdiction over any claim arising from or related to a visit to this web site or our services. English Law and practice will apply to these terms and conditions.


What if I want to check what personal information you hold about me?

Subject to any legal restrictions, we are happy to meet your request for access to the personal information we hold about you. There is no cost to you in providing this information unless your request is complex. We reserve the right to refuse subject access request where we believe them to be vexatious or attempting to create a denial of service. We have processes to ensure that all information you disclose is kept accurately, is complete and up to date. You must promptly notify us if there are any changes to your personal information.


If you believe there are errors in our records about you, please let us know and we will be happy to investigate and correct any inaccuracies. In the unlikely event that we do not agree with you as to the need for a correction of your personal information, you may request a correction statement be associated with your information and we will take reasonable steps to do this. Our privacy policy has been formulated to appropriately address your privacy rights and obviate any need for you to make a complaint, however, you retain your right to make a complaint to the Information Commissioner’s Office.


Accessing our site and online services

Access to our web Site is permitted on a temporary basis and we reserve the right to withdraw or amend the service without notice.

As a customer where you have access to one of our portals, you are responsible for making all arrangements necessary for you to have access to our site or portal. You are also responsible for ensuring that all persons accessing the site through your internet connection are aware of these terms and that they comply with them. Separate terms may apply for customers and will be set out in the specific service definition document.

Where you are provided with a user ID, password federated sign-on or any other piece of information as part of our security procedures, you must treat this information as confidential and you must not disclose it to any third party.

You agree in using this web Site or portals not to post or use for onward transmission any unlawful, threatening, defamatory, obscene, scandalous, inflammatory or profane material or any material that could constitute or encourage conduct that would be considered a criminal offence, give rise to civil liability, or otherwise violate any law.


Our web site changes regularly

We update our web Site regularly and so may change the content at any time. If the need arises, we have the option to suspend the site or to close it indefinitely.

We may at any time revise our policy by updating this page. You are automatically bound by any such revisions and should periodically visit this page to ensure familiarity with our policy.


Information about you and your visits to our site

We process information about you in accordance with our privacy policy. By using the web Site and its LiveChat advice panel you consent to such processing and you warrant that all data provided by you is accurate.


Linking to our site

You may link to our home page, provided you do so in a way that is fair and legal and which does not damage our reputation or take advantage of it. In particular, you must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists. Our site must not be framed on any other site, nor should you establish a link to any part of our site other than the home page. We reserve the right to withdraw this linkage permission without notice.


Further information

If you would like further information on our privacy policy or if you have any concerns over the privacy protection of the information you have given to us or that we have collected from others, please contact us at International House, St Katherine's Way, Tower Hill, London, E1W 1UN, United Kingdom.

This web site(s) is the intellectual property and copyright © 2018 FusionComply and all its content, ideas and know-how provided.

The parent company is FusionExperience Ltd registered in England and Wales. Registered No. 6400683.


Our Code Of Conduct

Our legal duty-of-care is to the customer and none other.

We will be impartial, balanced and independent in judgment and action, taking reasonable steps to be assured of our advice and recommendations.

Our analysts and staff will act transparently and in-good-faith on behalf of our customers and their data subjects, in the spirit of the GDPR.

We will promptly inform a customer of any conflicts of interest arising out of our duties.

We will treat as confidential all information which is obtained through our working with accreditation bodies and professionals.

We will not allow confidential information to be disclosed to a third party or parties, unless required by law or local regulation.

In the event of a conflict or dispute, the matter will be referred to the Centre for Effective Dispute Resolution (CEDR) in the City of London for an appointed mediator to adjudicate.


This version Dated May 25th 2018