We understand that your privacy and the security of your personal information is extremely important. This notice sets out what we do with your personal information, what we do to keep it secure, from where and how we collect it, as well as your rights in relation to the personal information we hold about you. This notice contains some important information so please read it carefully.
Here are the things we think you’d really want to know:
We do use a number of third parties to process your personal information on our behalf however, we have processes in place to ensure they also maintain the security of your information.
You have a number of rights over your personal information. How you can exercise these rights is set out in this notice.
We do send direct marketing, if we’re allowed to and we do this to encourage you to make best use of our products and services by sending you offers and ideas that we feel will be of benefit to you. If you want us to stop then just let us know.
We will limit the collection and processing of Sensitive Information (as defined under the General Data Protection Regulation (GDPR) as much as is practically possible.
Who are we?
When we say ‘we’ or ‘us’ in this policy, we’re referring to the separate and distinct legal entities that make up 1OAK from time to time. Which of the Group Companies controls your personal information may depend on the services you are using or contacting us regarding. If you would like more information about which Group Company processes and controls your data, you can contact us by one of the means set out in the “Contact Us” section below.
Our registered address is: 51 Hayes Mews, London, W1J 5QJ
You can contact us in the following ways:
By writing to The Data Protection Officer the above address
By telephoning us on +44 (0) 207 016 7979
What sorts of personal information do we hold?
Information that you provide to us such as your name, address, date of birth, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media.
Information that we get from publicly available sources like your website and linkedin.
Information about the services that we provide to you (including for example, the things we have provided to you, when and where, what you paid, the way you use our products and services, and so on);
Information required to make decisions about your application for certain products and services offered by the Group such as your employment details, financial position, information taken from identification documents such as your passport or driving licence, your insurance, criminal and medical history, and details about additional insured parties
Your account login details for our services, including your user name and chosen password;
Information about whether or not you want to receive marketing communications from us;
Information about any device you have used to access our Services (such as your device’s make and model, browser or IP address) and also how you use our Services. For example, we try to identify which of our apps you use and when and how you use them. If you use our websites, we try to identify when and how you use those websites too;
Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. We want to make sure that our communications are useful for you, so if you don’t open them or don’t click on any links in them, we know we need to improve our Services; and
Information from other sources such as specialist companies that provide customer information (like credit reference agencies such as Experian, fraud prevention agencies, claims databases, marketing and research companies) and social media providers, as well as information that is publicly available.
Further information about the specific types of information that we collect and process are set out in the “How we use your information” section below.
Our legal basis for processing your personal information
Whenever we process your personal information we have to have something called a “legal basis” for what we do. The different legal basis we rely on include:
Consent: You have agreed to us processing your personal information for a specific purpose;
Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
Performance of a contract: We must process your personal information to meet the terms of your contract with us;
Prevention of fraud: Where we are required to process your data in order to protect us and our customers from fraud or money laundering;
Vital interests: The processing of your personal information is necessary to protect you or someone else’s life;
Legal claims: The processing of your personal information is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; and
Legal obligation: We are required to process your personal information by law.
How do we use your information?
There are a number of ways in which we use your personal information, depending on why you are interacting with us.
To advise you of products and services
We use your personal data to market our services and products by phone, mail and email and this processing is conducted on the basis of our legitimate interests in providing our members with support. You can change your preferences on this marketing activity by contacting our Marketing Department.
We share data with third party product providers and partners for the purpose of them receiving feedback on events you may attend and so that they can provide you with further information on products or services that may be of interest to you.
To keep you safe at events
We use your information to advise our event venue partners of the delegates expected so that they can ensure all health and safety provisions are in place including adhering to any dietary or access requests made. We process this data on the basis of the contractual obligations we have with you.
If you are one of our other customers or a supplier
In order to work with our other customers and suppliers, we will collect information such as the names, contact numbers and email addresses of relevant employees and discuss your services, to manage our contractual obligations and billing arrangements. This information may be shared with colleagues within the Group that are involved in our supply chain including finance team members, contract managers and service users.
If we have a legal obligation to do so
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
How will you obtain my consent when required?
As outlined above, there may be instances where our basis for processing your personal data is that you have provided your consent. In these circumstances, we will explain to you in writing what personal data we need and why, whether we need to disclose your personal data to any third party who and why, how long we will store the personal data, your rights of access to the personal, your options for consenting or refusing to consent or withdrawing consent, and the implications of consenting or refusing to consent or withdrawing consent. Please note that it is not a condition of engagement with us that you have to agree to any request for consent from us. We will only process your personal information without your knowledge or consent where this is required or permitted by law.
Recipients we share your data with
We may share your personal information with the following recipients:
Provider partners and service delivery companies that support us in the provision of goods and services to you under membership of the Group
Government bodies and agencies (e.g. HMRC for tax purposes)
Regulators (e.g. Payment Systems Regulator, Information Commissioner’s Office, Financial Conduct Authority)
Agents and sub-contractors who help us provide services (we employ other companies and individuals to perform functions on our behalf. Examples include IT support service and performing legal and other professional services. Those companies and individuals have access to your data as needed to perform their functions, but they are not permitted to use it for other purposes)
Third party service providers (e.g. when we outsource some of the operations of our business to third party service providers. We restrict how such service providers may access, use and disclose your data)
Credit reference agencies
Legal and professional advisors, including auditors
Courts, to comply with legal requirements, and for the administration of justice
In an emergency to protect your vital interests
To protect security or integrity of our business operations
When we restructure our business or have a merger or re-organisation
Anyone else where we have your consent or as required by law
Transfer of personal data outside the European Union (EU)
We are committed to implementing technical and organisational measures that, by default meet the requirements of the data protection legislation and the appropriate level of security. We will not share your personal data with a third party organisation without a valid business reason, a contract or Data Sharing Agreement in place, or without your consent. We will not transfer your personal data to organisations outside the European Union (EU) unless that country or territory can ensure an adequate level of protection in relation to the processing of your personal data.
How long do we keep your data?
We retain your data primarily to meet statutory and regulatory obligations; secondly, your data is retained to enable us to pursue our legitimate business interests in relation to our clients, current and future requirements. Our retention schedules are available on request.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you; in such circumstances we may use such information without further notice to you.
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you. These include:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below.
Requests, complaints or queries
We try to meet the highest standards when processing personal information. For this reason, we take any requests, complaints or queries we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
This privacy notice does not provide exhaustive detail of all aspects of our processing of personal information. However, we are happy to provide any additional information or explanation needed.
If you want to make a query, request, or a complaint about the way we have processed your personal information you can contact us directly:
- By writing to The Data Protection Officer the above address
- By telephoning us on +44 (0) 207 016 7979
Alternatively, you have the right to lodge a complaint with the regulator which oversees data protection law:
Information Commissioner’s Office
Tel: 0303 123 1113
Changes to this privacy notice
We keep our privacy notice under regular review. Notifications of changes to this privacy notice will be via email. This privacy notice was last updated in July 2020.