NOTICES

What does this Privacy Notice do? This Privacy Notice describes how we collect and use your Personal Data in accordance with the United Kingdom’s General Data Protection Act 2018 and the EU General Data Protection Regulation (“GDPR”) and other applicable data protection and privacy legislation and it demonstrates our compliance with the principles and obligations therein. It also describes why we need Personal Data, how we may share it, how we keep it secure, how long we keep it for and what your rights are.

Who are we? PSG Consult Counsel Ltd trades as Consult Counsel and as we may hold and process your Personal Data, we are a Data Controller and are dedicated to protecting the confidentiality and privacy of information entrusted to us. We have assessed that we are not required to appoint a Data Protection Manager under the GDPR.

What is Personal Data? “Personal Data” means information about individuals (including you) from which such individuals can be identified and includes, but is not limited to, information we get about your name, address, email, telephone number, birth date, marital status, nationality, race, gender, preferred language, job title, employers, photos, video, passport, driving licences and electronic signatures.

Why do we collect Personal Data? We collect Personal Data for a variety of reasons including, but not limited to, enabling us to on-board you as our client; to comply with anti-money laundering (“AML”) and know your customer (“KYC”) requirements; so we can do a conflicts check; so that we can work on assignments with you as our client; so that we can contact you; so that we can share comments with you; and so we can instruct parties on your behalf. We may also collect Personal Data through recruitment processes whether ours or for our clients and through referrals for potential business from clients, counterparties, advisors and from social media sites.

How do we get Personal Data? We may obtain your Personal Data in a variety of different ways. Below is an illustrative, but non-exhaustive list, of ways we get Personal Data: Directly - when you provide your business or v-card; when you attend meetings or events we host; when individuals send us CVs for recruitment by us or for our clients; when we establish a business relationship with you; when we perform an assignment and provide consulting services to you through a contract. Indirectly - from you to satisfy our legal obligations, or to pursue our legitimate interests. Public sources - from public registers (such as Companies House), news articles, a sanctions list, and internet searches. Our clients - you may engage us to perform consultancy services which involves sharing Personal Data that you control as part of that assignment; we may process Personal Data on our hosted software applications or under your control which may be governed by different privacy terms, policies, and notices than ours. Recruitment services - We may obtain Personal Data about candidates from a recruitment agency and other parties, including former employers and credit reference agencies and may receive Personal Data to take up references of candidates.

What lawful reasons do we have to process Personal Data? We may rely on the following lawful reasons: Contract – In order to enter a contract with you and perform our contractual obligations with you. Consent – We may rely on your freely given consent at the time you gave us your Personal Data. Legitimate interests – Such as delivering consulting services to our clients and meeting our regulatory obligations.

Do we share Personal Data with third parties? We may occasionally share Personal Data with trusted third parties to help us to deliver efficient and quality consulting services. These recipients are contractually bound to safeguard the Personal Data we entrust to them. Such third parties may include professional advisors (e.g. lawyers, accountants, insurers); support service providers (e.g. IT support, telecoms support and cloud based software providers); payment service providers (e.g. our bank, our AML/KYC and source of funds due diligence provider); business partners (e.g. recruiters and marketing service providers); and regulators or other authorities (e.g. law enforcement, HMRC or other parties as required under applicable laws or regulations).

Do we transfer Personal Data outside the U.K.? We may transfer Personal Data to reputable third parties inside or outside the U.K. and inside or outside the European Economic Area when we have a business reason to engage with such parties, subject to contractual obligations on them to safeguard such Personal Data, if required.

What are Data Subject Rights? No fee is charged when you make the requests listed below unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds. We may need to request specific information from you to help us confirm your identity and ensure your right to access Personal Data and to exercise the rights below: Access – you can ask us to verify what Personal Data of yours we process and to ask for specific information. Correct – you can ask us to correct our records or complete them. Erase – you can ask us to delete Personal Data if you withdraw your consent and it is no longer needed for the purpose it was originally collected. Restrict processing – you can request a temporary restriction on processing if you contest its accuracy, or need us to preserve it to establish, exercise or defend a legal claim you may have. Data porting – you may request the Personal Data we hold to be transferred directly to another company if feasible, in a structured, commonly used, machine readable format. Automated individual decision making – you can ask us to review decisions made about you solely in an automated process that produced legal effects concerning you or significantly affected you. Direct marketing and profiling – you can object to your Personal Data being used for direct marketing or profiling. Consent withdrawal – you can withdraw your consent to us processing your Personal Data. This does not make the Personal Data we collected and processed with your consent unlawful, but it means we may not be able to offer you certain consulting services in the future if your consent is withdrawn.

How do we secure your Personal Data? We aim to ensure that access to your Personal Data is limited only to those who need to access it and we have policies to protect Personal Data (including sensitive Personal Data) from loss, misuse, alteration, or destruction. We may also in certain cases, anonymise to protect your Personal Data.

How long do we keep your Personal Data? We retain Personal Data to provide our consulting services to you, to stay in contact with you and to comply with applicable laws, regulations, and professional obligations that we are subject to. Unless a different time frame applies due to a business need or specific legal, regulatory, or contractual requirements, we retain Personal Data for these purposes for seven years.

How do you make a complaint about your Personal Data? If you are unhappy with the way in which we process your Personal Data, please contact us in the first instance and in the unfortunate event you remain dissatisfied, you may contact the Information Commissioner’s Office for a decision (https://ico.org.uk)(https://ico.org.uk).

Do we use cookies on our website? Yes, we use cookies for the functioning of the website.

What are cookies? A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may, however, prevent you from taking full advantage of the website.