About this Policy
The other notices which may apply apply to you include, when, for instance:
- your company has bought subscribed to Opus 2 services
- we a looking for suitable candidates to fill roles within our organisation
- you are employed by us or are a supplier (including contractors)
As part of providing our services, our customers may provide us with personal data of other Individuals. Where we process this Information, we operate in the capacity of a "data processor".
We are Opus 2 International Limited (“Opus 2”), a company registered in England. Our registered address is Winton Place, 16 Blackhills, Esher, Surrey KT10 9JW and our principal place of business is at 5 New Street Square, London EC4A 3BF. Our company number is 05907841.
Third Party Links
This Website may include links to third-party Websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party Websites and are not responsible for their privacy statements.
What Personal Data / Information we collect about you
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data includes first name, last name, email address, telephone number and similar information.
- Contact Data includes business address, job title, email address and telephone numbers.
- Profile Data includes interests you communicate to us about key topics and feedback you provide to us on any aspect of our services or business.
- Usage Data includes information about how you use our Website, products and services.
- Marketing and Messaging Data includes your preferences in receiving marketing from us and your communication channel preferences
- Technical Data includes IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website.
We also use Google Analytics. Please see our Cookies Policy for more detail.
You are under no obligation to submit any personal data to us. However, if you do not and if we require this under law or in order under the terms of a contract we have with you, then this may mean that we are unable to perform our obligations under the contract.
Ways in which we collect your personal data
Personal data you submit to us directly: you may provide us with Contact Data or Indentity Data directly e.g. when you submit your details on our Website or provide them through another means (e.g. email or phone), when you fill in a form, sign up for an event, request marketing materials or provide feedback to us. Personal data we collect through publicly available sources: we may collect Contact Data or Identity Data from third party publicly available sources e.g. B2B search engines, internet search engines, social media sites (e.g. LinkedIn).
We may also collect Technical Data from third party providers e.g. Google Analytics as detailed above and in our Cookies Policy.
How we use your personal data
- Where we need to perform the contract we are about to enter in to or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) provided that our legitimate interests do not override your interests and fundamental rights.
- Where we need to comply with a legal or regulatory obligation.
- Other legal grounds as applicable.
We will only use your personal data for the purposes for which we collected it (as set out in the table below), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may on occasion, need to process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
|Purpose of Collection||Categories of Personal Data Collected||Legal Grounds for Processing|
|New prospect Information||(a) Identity
|Performance of a contract with you|
|To manage our relationship with you which will include:
(b) Asking you for feedback on services we have supplied.
(d) Marketing and Communication
|(a) Necessary to comply with a legal obligation
(b) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
(c) consent, where applicable.
|To administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
|To use data analytics to improve our Website, products/services, marketing, customer relationships and experiences||(a) Technical
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy)|
|To let you know about events and webinars that we run that may be of interest to you.||(a) Identity
(c) Marketing Messaging
|To make suggestions and recommendations to you about goods or services that may be of interest to you.||(a) Identity
(f) Marketing Messaging
|(a) Necessary for our legitimate interests (to develop our products/services and grow our business)
(b) consent, where applicable
Sharing / Transferring your Personal Data to Third Parties
On occasion, we may need to share your personal data with third parties as set out below. We will share your personal data with the following third parties or categories of third parties where it is in our legitimate interests to do so:
- our other service providers and sub-contractors, including but not limited to payment processors, utility providers, suppliers of technical and support services, insurers, lawyers and cloud service providers;
- companies that assist us in our marketing and promotional activities; and
- analytics and search engine providers that assist us in the improvement and optimisation of our website.
We will also disclose your personal data to third parties:
- where it is in our legitimate interests to do so to operate our day to day business activities or grow our business
- if substantially all of Opus 2's or any of its affiliates’ assets are acquired by a third party, in which case personal data held by Opus 2 will be one of the transferred assets;
- if we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if we are under a duty disclose or share your personal data in order to comply with any legal obligation;
- in order to enforce or apply our terms and conditions or any other agreement or to respond to any claims and to protect our rights or the rights of a third party.
We normally only store data within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor or data hosting vendor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with applicable laws, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (such as Model Contract Clauses or a US organization that is certified under the EU-US Privacy Shield Framework).
We may also share your personal data with our International Subsidiaries where this Is required to provide our services.
We employ a variety of technical and organisational measures to keep personal data safe and to prevent unauthorized access to or use or disclosure of it. We take our position as a software as a service provider seriously and comply with leading security practices. We hold an ISO27001:2013 and Cyber Security Essentials certification.
We keep your personal data for no longer than necessary for the purposes for which the personal data is processed. The length of time we retain personal data for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
Your legal options and rights
You may have certain legal rights available to you, these include:
- the right to ask us to provide you, or a third party, with copies of the personal data we hold about you at any time and to be informed of the contents and source;
- the right to request erasure, sometimes referred to as the right to be forgotten;
- the right to object on legitimate grounds to the processing of your personal data. In certain circumstances we may not be able to stop using your personal data – if that applies, we’ll let you know and gives you the reasons why.
- withdrawal of consent – when personal data is processed on the basis of consent you may withdraw consent at any time. If you no longer want to receive any marketing material from us, please use the unsubscribe / opt-out option which is in all our marketing emails to you.
If you want to exercise and if you have any questions about how we collect, store and use your personal data, then please contact us using the details as set out in the “Data Controller contact information” section below.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. If we process your data in our capacity as a data processor, we will contact the relevant data controller and ask them to respond to your request (we will provide support and information to help the data controller comply with your request).
Opus 2 Data Protection Officer Contact Details
If you would like further information on your rights or wish to exercise them, please write to: The Data Protection Team, Opus 2 Limited, 5 New Street Square, London EC4A 3BF, or email firstname.lastname@example.org.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
Changes to this Policy