Privacy Notice

Date of last revision: May 2020

Introduction

Swann Group Holdings Limited (“Swann Holdings” or “we”, “us” or “our”) takes your privacy seriously and is committed to protecting and respecting it.

This privacy notice (“Notice”) contains important information on:

  • who we are
  • the personal data we collect and store about you
  • how and why we collect personal data
  • what we do with personal data
  • the categories of third parties with whom we share your personal data
  • international transfers
  • how long we retain your information, and how we keep it secure
  • your rights and how to exercise them
  • how to contact us
  • details of whom to contact if you have a complaint.

We ask that you read this Notice, and any other privacy or fair-processing notice provided to you on specific occasions, so that you have a clear understanding of how we interact with your personal data.

We would also suggest that you read the notices for our brands Swann (www.swannglobal.com), Cygnet (www.cygnetsearch.com) and Skein Advisory (www.skein-advisory.com) as a minimum.

Each relevant notice supplements, and does not override, the others.

Children

Please note that our website and services are not intended for children, and that we do not knowingly collect personal data relating to children.

Third-party links

Please also note that this website contains third-party links that will take you to other websites not owned or operated by us or any of our group companies. By clicking on any link, you will leave this website: you should check the privacy notices on each other website that you visit, since this Notice will no longer apply at that point.

1. Who are we?

Here are some key details about us: 

Our name: Swann Group Holdings Limited

Place of incorporation:    England and Wales (this is where we are registered)

Company number: 12537626

Registered address: The Bloomsbury Building, 10 Bloomsbury Way, London, WC1A 2SL

VAT number: 194 7342 78

Data Controllers

Under data protection law, Swann Holdings is considered to be a “controller”. As a controller, we are responsible for, and control the processing of, your personal data to the extent that it is collected, used or held by Swann Holdings. We are registered as a data controller with the Information Commissioner’s Office, which is the UK’s supervisory authority for data protection matters.

Our Group Structure

Swann Holdings is the holding company of a group of companies. Each of the companies in the group has its own privacy policy, and this is ours.

The main establishment of our business – in other words, the company through which key decisions are made – is Swann Global UK Limited. As a holding company, Swann Holdings itself does not engage in day-to-day trade and it does not employ the key decision-makers in the business. Swann Holdings itself has less contact with individuals and their data than other businesses in the group.

Therefore, if you trade with, communicate with, or apply to work with, any of our businesses, you should also read the privacy policy of Swann Global UK Limited, plus that of the group company with which you are dealing (if different).

2. What information do we collect?

Personal data is information about a living individual from which that individual can be identified (whether by one piece of data alone or through a combination of data).

Anonymous data, from which a person’s identity has been removed, is not personal data.

In the course of acting as a holding company for a group of businesses providing search-and-select services and consultancy services, Swann Holdings may collect the following personal data about you:

  • Identity data, such as
    • name and title
    • gender
    • date of birth
  • contact data, such as
    • e-mail address
    • home address
    • telephone and mobile numbers
  • biographical data, to the extent that you provide it, such as
    • institutions attended
    • academic and professional qualifications gained
    • employment history
    • any other personal information you provide
  • financial data, if you are a supplier and you provide an individual’s financial details (rather than those of a business) for the receipt of payments
  • technical data, such as
    • internet protocol (IP) address
    • your browser type and version
    • time-zone setting and location
    • browser plug-in types and versions
    • operating system and platform and other technology on the devices you use to access our website
  • usage data, such as
    • information about how you use our website and services

Aggregated data

Swann Holdings, like other businesses in the group, collects aggregated data for statistical purposes, such as assessing the popularity of certain pages on our website and the number of people on our database. Aggregated data does not reveal your identity (either directly or indirectly) and is not considered to be personal data. To the extent that Swann Holdings uses or combines any aggregated data so that you can be identified, we would treat the aggregated data as personal data in that situation and would therefore use it only in accordance with this Notice.

Special categories

The phrase “special categories of personal data” denotes particularly sensitive data to which more stringent processing conditions apply. It comprises data concerning your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, and genetic data and/or biometric data.

Swann Holdings does not ordinarily collect special categories of personal data. Other companies in our group may do so to the extent that you volunteer it, in which case it will processed in accordance with both the law and the relevant company’s privacy notice.

We also do not collect information about criminal convictions or offences.

In all cases, we do not collect more data than we believe is necessary.

3. How do we collect personal data?

We obtain personal data from the following sources:

  • directly from you, when you provide that information.

Please contact us if the personal data you’ve given to us changes: we always want to make sure we’re using accurate data.

  • from third parties and publicly available sources, for example:
    • if you are copied on an e-mail that is sent to us, and your e-mail address identifies you 
    • Google Analytics (based outside the EU)

Note: if you are ever providing another person’s details to us, please ensure you have that person’s explicit consent to do so.

  • from automated technologies such as cookies and tags when you use our website, although we do not participate in automated decision-making – for more information on automated technologies, please see our cookie policy.

4. For what reasons do we use your personal data?

Introduction
We will only use your personal data when the law allows us to, and we will not use it more extensively than we believe is required.

Most commonly, we will use your personal data in the following circumstances:

  • to perform a contract we are about to enter into, or have entered into, with you
  • if it is necessary for our legitimate interests (or those of a third party) and these are not overridden by your own rights and interests
  • where it is necessary to comply with a legal or regulatory obligation.

Lawful bases

To process personal data, Swann Holdings must have a lawful basis. We always ensure that this is the case, and we set out below the lawful bases on which we most frequently rely. Note that more than one basis may apply at any given time: please contact Swann Holdings using the details at the bottom of this Notice if you would like more information on this.

Our most frequently used legal bases are as follows:

  • It is necessary for our legitimate interests, being the legitimate interests pursued by us or by a third party, except where those interests are overridden by your interests or fundamental rights and freedoms.
  • Performance of a contract with you or taking steps (at your request) prior to the performance of a contract.
  • Compliance with a legal obligation to which we are subject.

A table describing our use of personal data is set out below.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new client or supplier

(a) Identity

(b) Contact

Performance of a contract with you

To receive your services, including making payments to you

(a) Identity

(b) Contact

(c) Biographical 

(d) Financial

(e) Transactional

Performance of a contract with you

Necessary for our legitimate interests (including to recover debts due to us)

To manage our relationship with you, including:

(a) notifying you about changes to our terms or this Notice

(b) communicating with you in the ordinary course of business

 

(a) Identity

(b) Contact

 

Performance of a contract with you

Necessary to comply with a legal obligation

Necessary for our legitimate interests (to keep our records updated and to study how customers use our services)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

Necessary to comply with a legal obligation

To deliver relevant website content to you

(a) Identity

(b) Contact

(c) Usage

(d) Technical

Necessary for our legitimate interests

To use data analytics to improve our website, services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To comply with taxation laws and other binding obligations

(a) Identity
(b) Financial

Necessary to comply with a legal obligation

To manage our business

(a) Identity
(b) Contact
(c) Technical
(d) Financial

Necessary for our legitimate interests

 Consent 

We will always be clear whenever we intend to process on the basis of consent, and we will process lawfully and only for the purpose for which consent was given.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we fairly consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

5. Do we share your personal data?

We may provide your personal data to the following recipients for the purposes set out in this Notice:

  • other businesses in our group, a list of which is available on request.
  • our service providers, including:
    • e-mail service providers
    • technical and support partners, such as the companies who host our website and who provide technical support and back-up services
    • suppliers with a need to receive your data
    • professional advisers, including lawyers, accountants and insurers in relation to the services they provide
  • any business or person with whom we may be involved in merger or acquisition discussions
  • HM Revenue & Customs
  • law-enforcement agencies, government or public agencies or officials, regulators, and any other person or entity that has the appropriate legal authority where we are legally required or permitted to do so, to respond to claims, or to protect our rights, interests, privacy, property or safety
  • any other parties, where we have your specific consent to do so.

In all cases, we require third parties to use your data lawfully and only for specified purposes, and to observe strict standards of security.

6. Do you have to provide personal data – and, if so, why?

To form a contract with you, or where the law requires, Swann Holdings will need some or all of the personal data described above so that we can perform that contract (or the steps that lead up to it): this is set out above in this Notice.

If we do not receive the data, it may not be possible for us to perform that contract, but we will inform you of this at the time.

7. For how long will we keep your personal data?

Swann Holdings will only retain your personal data for as long as is reasonably necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

8. Electronic Marketing

Swann Holdings does not itself carry out electronic marketing activities that will involve your personal data. However, other businesses in our group do so, and so you are advised to review the Swann Global UK Limited and  Cygnet Search UK Limited privacy notices to understand how those businesses carry out such activities.

9. Do we transfer personal data outside the European Economic Area (EEA)?

Swann Holdings may transfer your data within its group of companies, which may involve transferring your data out of (and back into) the EEA. We have therefore entered into a group-wide contract in a form approved by the European Commission in order to give such transfers suitable protection.

Whenever we transfer your personal data out of our group and out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection that it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield scheme, which requires them to provide similar protection to personal data shared between Europe and the US.

Should the United Kingdom cease to be part of the EEA, we will update this section accordingly.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.     

10. How do we keep your personal data secure?

Swann Holdings has security measures in place designed to prevent data loss, to preserve data integrity, and to regulate access to the data. Only authorised persons have access to your personal data. We have in place contractual safeguards with our third-party data processors to ensure that your personal data is processed only as instructed by us.

We take all reasonable steps to keep your data safe and secure and to ensure the data is accessed only by those who have a legitimate interest to do so. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Please contact us using the details in section 15 below if you would like more information about this.

11. Your information rights

Swann Holdings would like to draw your attention to the following rights that you have under data protection law:

  • right to be informed, in a clear and transparent manner, about the collection and use of your personal data – this Notice helps us to meet our obligations in that regard
  • right of access to your personal data, and the right to request a copy of the information that we hold about you and supplementary details about that information
  • right to have inaccurate personal data that we process about you rectified: we will always be happy to correct any inaccuracies, and indeed we welcome the opportunity of doing so
  • right of erasure (also known as the “right to be forgotten”): this is a right for you to request that we remove or destroy certain personal data about you where there is no compelling reason for its retention. Please note, however, that there are limitations on this right, and in some instances we may be entitled or required not to implement your request
  • right to object to certain processing
  • right to restrict processing: in these circumstances, we may still retain your personal data (on a list of those who have requested a restriction of processing) but will not continue to process it
  • right of portability of your data in certain circumstances.

Please note:

  • you will be asked to provide proof of your identity to ensure we are dealing with the correct person, and we may ask you to provide further details to assist us in the provision of such information
  • we do not ordinarily charge a fee to enable you to have access to your personal data or to exercise other rights. However, in some circumstances we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances

In all cases, we will reply within the time limits set by law.

Please contact us using the details in section 15 below if you would like to know more about, or to exercise, these rights.

These rights are subject to certain limitations that exist in law. Further information about your information rights is available on the ICO’s website: https://ico.org.uk/.

12. Cookies

Our website uses cookies. For more information on which cookies we use and how we use them, please see our cookie policy.

13. Changes to this privacy notice

We may change this Notice from time to time. You should check this Notice on our website occasionally, in order to ensure you are aware of the most recent version.

14. What should you do if you have a complaint?

We hope that you will be satisfied with the way in which we approach and use your personal data.

Should you find it necessary, you have the right to raise a concern with our supervisory authority, the Information Commissioner’s Office: https://ico.org.uk/.

However, we very much hope that if you have a complaint about the way in which we handle your personal data, you will contact us in the first instance using the contact details in section 15 below, so that we have an opportunity to resolve it. 

15. Do you want to contact us?

If you would like to contact us about this Notice or our use of personal data, including if you wish to receive further information, our details are as follows:           

Post:

Swann Group Holdings Limited
The Bloomsbury Building
10 Bloomsbury Way
London
WC1A 2SL

E-mail:
privacy@swannglobal.com

For the attention of:
The Privacy Manager

           

END OF PRIVACY NOTICE