Concep are committed to protecting your privacy
We provide marketing technologies to globally trusted brands in financial and professional services. Adhering to our clients’ strict data security and privacy policies is a top priority and we strive to exceed both clients’ and industry standards. Our marketing software architecture and feature-set, combined with our embedded ISO27001 data management and security processes, means we exceed the requirements of the most data conscious organisations.
We comply with data protection and privacy legislation in the countries in which we operate.
The Data Controller in respect of our website and services is Concep Group Limited, 3rd floor, 201 Borough High Street, London, SE1 1JA.
In this document when we refer to “Concep” we mean Concep Group Limited and its subsidiaries and associated affiliates; Concep Pty Limited in Australia, Concep Inc. in the US, Concep Bulgaria EOOD in Bulgaria, and Concep Limited in the UK; (“Concep”). All Concep companies are committed to protecting your privacy.
The information we collect about you, and the reasons we do so, will vary depending on who you are.
On our clients we hold name, address, phone and email contacts, as well as your IP address if you are contacting us through our website.
Our lawful basis for collecting personal information if you are a client, is in order to fulfil our contractual obligations to you and on the basis of our legitimate business interests in maintaining contact with clients.
We may collect information about you when you download a report from our website, request a trial of our services, request information about our company, or when you attend one of our events or you meet one of our people at a third-party event. This may include your name and contact information as well as other information regarding your business or area of interest. If we collect this information through our website, we may also collect the information mentioned in the ‘website visitors’ section of this Privacy Notice.
We will use this information to keep you informed about developments in our business and services that we believe you will find of interest. If you have requested a trial of our services, we will use the information in order to provide the trial access, and to follow up with you afterwards on your experience of trying our services. Our lawful basis for this use of information is that it is in our legitimate business interests as a commercial enterprise to inform potential clients and other interested parties about our services. If at any time you wish us to stop contacting you, please email email@example.com and we will stop.
Information you provide voluntarily
When you contact us, register for seminars, activities and programs available, or request information or services from us, you may choose to provide us with personal data, such as your contact details. We may also collect other types of personal data indirectly through our clients’ use of our services. If you supply us with the personal data of a third person, such as your spouse, colleague, friend or client, we accept that information on condition that you have given that third party all legally required notifications about our collection of the information, and have all rights required from that third party to provide the data to us to use for our business purposes.
When you voluntarily submit personal information on our website, or through other digital channels, we may use that information to contact you with products and services we believe you will be interested in, or to provide you with products you have signed up for. Our lawful purpose in doing so is that it is in our legitimate interests as a commercial organisation to keep in contact with people who have expressed an interest in our services and may become clients.
You can opt-out from our communication at any point by using the unsubscribe link in the footer of our e-mail campaigns. You can also contact our team here (https://www.concep.com/contact/) and request to be removed from our lists.
Information we automatically collect
If you do not actively submit any personal information (name, email address, etc.) while on our site, there is still a possibility that personal information is being gathered. This could include location data, online identifiers such as IP addresses, along with the advertising identifier of any mobile device you use to access our digital channels. It also includes cookies used by us or by third-party service providers.
A cookie consists of a small piece of data sent by a web server to a web browser, and stored by the browser. The data is then sent back to the server each time the user visits the website or navigates to other pages within the website This enables the website to identify and track the web browser but also to deliver the best experience to visitors.
We may use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to keep track of you whilst you navigate the website. Session cookies last for as long as you keep your browser open. They expire when you close your browser. We will use the persistent cookies to enable our website to recognise you each time you visit, enhancing your experience and to enable third party services. Persistent cookies expire at a fixed point in time or if you manually delete them from your browser, whichever occurs first. You can find instructions on how to delete cookies here (http://www.allaboutcookies.org/manage-cookies/clear-cookies-installed.html) and how to disable cookies here (http://www.allaboutcookies.org/manage-cookies/).
Please note that disabling cookies may limit your usability of our website.
Third party cookies
We use third party cookies for analytical and targeting purposes. Among the third party cookies used by us are Google Analytics and LinkedIn.
Analytical cookies track and gather data about what a user does on a website. We use Google Analytics cookies on our website. Google Analytics cookies help us understand how you engage and interact with our website, including how you came to our website, which pages you visited, for how long and what you clicked on, your location (based on your IP address). Google Analytics insert a range of cookies to provide the reporting described above and these cookies can last from 24 hours to 3 months. The information we collect using analytical cookies is collected on an anonymised basis.
Targeting cookies and similar technology (i.e., beacons) record information about your visit to and use of our website. It allows us to target visitors for advertising based on behaviours or demographic information. The information we collect through this third party using targeting cookies is presented to us as anonymised data.
Our lawful purpose for collecting personal information about website traffic is that it is in our legitimate business interests to seek to improve our website and to understand how it is being used.
We do not source personal information from third parties.
When we are acting as a data processor, we process personal information on behalf of our clients. Such information is processed under contractual obligations of privacy and care and in accordance with relevant data protection law.
Concep will not sell personal information to third parties. We only transfer personal information to other parties as follows:
In order to optimise our service to clients, and make best use of our resources, we may transfer personal information to our other group companies.
Concep uses suppliers to collect, process, store, use, analyse and/or transfer the data on its behalf. We require that these suppliers handle the personal data they process or transfer in a manner consistent with Concep’s policies, and any relevant data protection law. By submitting the personal data to us, you acknowledge and agree with your data being processed and/or transferred on Concep’s behalf by its suppliers.
Such suppliers include: hosting service providers, email and marketing communications and event app service providers, support software providers and CRM providers. We change our suppliers from time to time, but if you would like information about which service providers we currently use, please contact us on firstname.lastname@example.org.
We use a CRM provided by Microsoft to store personal information on clients and business contacts. This data is hosted in data centres located in the Netherlands and Ireland. You can get more information about their privacy policies here: https://www.microsoft.com/en-us/TrustCenter/CloudServices/Dynamics365 or https://privacy.microsoft.com/en-us/privacystatement
When we run events jointly with specially selected partners we may share such personal information as you provide during the registration process with such partner. In such cases, it will be made clear on the registration page or form that information will be shared in this way.
Employees, freelancers and contractors
Only those personnel who need to deal with personal information as part of their job or contract with us will have access to such information. All such personnel are under obligations of confidentiality regarding personal information.
We may need to pass personal information to certain of our advisors, such as auditors and legal advisors; and we may in certain circumstances need to share personal information with our insurers. Any such disclosure will be made under conditions of strict professional confidentiality.
Law enforcement or other Governmental or Regulatory Authorities
Please be aware that it is possible that personal data you provide to Concep may be subject to disclosure under the law (e.g. to comply with statutory requirements, court orders or subpoenas) in the countries in which Concep operates. If this is the case, we will contact you to inform you of this required disclosure to the extent that it is practicable and lawful for us to do so.
We keep your personal information only for so long as we have a lawful reason to keep it. For clients, this will be for as long as you are a client plus the length of time relevant tax or other authorities require that we keep such information. For business contacts this will be for as long as we believe you have an interest in our products and services.
Concep uses various organisational and technical measures to protect your privacy and avoid unauthorised use or disclosure of your personal data. However, you should note that no transfer of data over the Internet is completely secure. While we use reasonable efforts to protect your data on our systems, when the data is transferred over the Internet, it may be accessed and used by unauthorised third parties. Concep has no control over the performance, reliability, availability or security of the Internet and cannot guarantee that any information transfer via the Internet or any communication through the Internet is secure.
Individuals have rights over their personal information under the EU General Data Protection Regulation (GDPR). To exercise, or enquire about, any of these rights in relation to Concep, please email email@example.com. Please note that to exercise these rights, we may need to ask you for information to confirm your identity. In all cases we will respond to you as quickly as possible, but in any event within the permitted time limits (normally this is 30 days).
Right of access
You may contact us to ask if we hold information about you as a Data Controller, and if so what information we hold, and on what basis we hold it. We will reply promptly – but in any event within the legally mandated time limit. If you contact us about any information we hold as a Processor for another Data Controller, we will pass your request to that Data Controller.
Right to rectification
If you believe the personal information we have is inaccurate or incomplete, you may let us know and if we agree that it is inaccurate or incomplete, we will correct it.
Right to erasure
In certain circumstances, you may ask us to delete all personal information we hold on you. This might include where our lawful reason for processing no longer applies (for example, if we were processing on the grounds of consent and you withdraw consent).
Right to restrict processing
You can ask us to restrict processing of your data in circumstances where you have exercised your right to rectify information, or have challenged the lawful basis on which we process your information, or where we no longer need your information but you want us to keep it so that you can use it to create, exercise or defend legal claims.
Right to object
If we are processing your personal information on the grounds of our legitimate interests, you have the right to object to this. We will only continue to use your personal information in the same way if we believe we have an interest which overrides your objection. You have the right to complain to the relevant Data Protection Authority if you think we are wrong (see below).
Right to complain
If you are concerned that we have breached a privacy law or code binding on us, or you have other cause to complain, please send an email to firstname.lastname@example.org. We aim to respond in a reasonable time, and certainly within applicable legal limits. Our Privacy Officer will manage your complaint and will give you additional information about how it will be handled.
You may also complain to the relevant Data Protection Authority which, in the UK, is the Information Commissioner’s Office (ICO) who you can reach at ico.org.uk or +44 303 123 1113. Further information about your rights under the GDPR is available on the ICO website.
As noted above, refusal of cookies can have a negative impact on the usability of our site.
Certain of our services can only be provided if we collect personal data from you. This will include client services, trials of such services, attendance at events, and some of the content on our website or other digital channels.
In order to make sure this information is up-to-date and best reflects how we use personal data, we may change it from time to time. We recommend that you check the Notice periodically. If there is a major change in the way we collect or use data which might impact on your privacy, we will take all reasonable steps to notify you.