Glenmore Holdings Limited (“Glenmore”, “we”, or
& Privacy Notice (“Notice”) explains how we use (“Process”) your personal information (including personal information that you provide to us about other persons) (together, “Personal Information”). It also explains your privacy rights and how you can exercise them.
Glenmore is a private limited company registered
in England & Wales under company number 05653127 and with a registered office at Kinetic Business Centre, Theobald Street, Borehamwood, WD6 4PJ is responsible for and is the ‘Data Controller’ for the Personal Information it collects about you (including through the website: glenmore-group.co.uk. The type of Information we collect and how we Process it will vary depending on the relationship we have with you (e.g. whether you are a client, a supplier or someone else).
Please note in particular that:
We will publish updates to this Privacy Notice on our website, with relevant changes highlighted as appropriate. Where we hold or Process your Personal Data, we will also take appropriate measures to inform you of any amendments which have a material impact on you and your ability to exercise your privacy rights.
If you have any questions regarding our processing of your Personal
Information or would like to exercise your privacy rights, please email
Keith Partridge at [email protected].
We collect Personal Information to provide our services, for legal and regulatory purposes and to manage our business and relationships. For further details, please see the ‘Use of your Personal Information’ section of this Notice below.
Personal Information about you or your business which is publicly available, for example on your employers’ website, public professional social networking sites, the press; and relevant electronic data sources.
Personal Information provided to us by third parties (for example by our or your clients; agents; suppliers; advisers; consultants, lawyers and other professional experts; counterparties; previous, current and future employers; correspondents and enquirers; regulators and public authorities; relatives; and other persons) where such Information is provided to us in connection with the relevant purposes set out in this Notice.
You will voluntarily provide most of your Personal Information directly to us. We will also obtain Personal Information from other sources or persons. Sometimes the provision of your Personal Information to us by third parties will be unsolicited and/or provided in confidence (for example, reports made to us by regulators and other persons) and we will be unable to notify you of this. In all cases we shall take such necessary steps to ensure that Personal Information is obtained and used in a fair and lawful way.
The categories of Personal Information we collect will vary, depending on our specific relationship with you and the context.
We will not be able to further our relationship with you (for example, to provide you with property services if you are a client or engage you if you are a potential supplier) without certain Personal Information. We will inform you at the relevant time if this is the case.
We will in most cases need to collect your work details (such as your name, job title, work address, office email and telephone number). Other types of Personal Information which we will typically collect includes, for example:
In certain circumstances we will need to collect more sensitive Personal Information, such as (unless applicable local law prevents this) diversity and health data, and details of offences, regulatory action and related proceedings (“Sensitive Information”). Such information may be collected from you or, in those jurisdictions where it is permitted under applicable local law, from third parties.
This will typically be more relevant: (a) where necessary to enable us provide you with our property services; or (b) as part of our due diligence on third parties (including clients and related persons, and suppliers) – please see the relationship-specific sections of this Notice for further information.
Sensitive Information may also be inadvertently disclosed to us (for example, if you provide us with your dietary requirements for the purpose of a business meal – which may give an indication your religion or health. Providing the name of your spouse or partner to us may also reveal your sexual orientation).
We will only request Sensitive Information where necessary and we are legally allowed to and will put in place enhanced safeguards to protect such Sensitive Information.
Our Processing of your Personal Information will include obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, copying, analysing, amending, retrieving, using, systemising, storing, disclosing, transferring, retaining, archiving, anonymising, erasing or destroying it by automated or non-automated means.
The GDPR require us to communicate to you the purposes for which we Process your Personal Information (the “Permitted Purposes”), together with the corresponding ‘Legal Basis’. These are summarised in the tables below. As the GDPR requirements are relatively new, the way we have grouped the Permitted Purposes and Legal Basis may change as more regulatory guidance and market practice develops.
Further details on: (a) security and business continuity arrangements; (b) client due diligence, pre-hire checks and supplier vetting; and (c) equal opportunities monitoring and reporting, can be found in ‘The types of Personal Information that we collect’ section above. For further information about marketing, cookies and profiling, please see the ‘Marketing, cookies and profiling’ section.
We Process Your Personal Information for one or more of the following general Permitted Purposes. Where the Processing involves Sensitive Information, see also the second table under the heading ‘Sensitive Information’.
Where it is necessary to perform our contract with you or to take steps at your request to enter into the contract. For example:
Where it is necessary for compliance with a legal obligation. For example:
Where it is necessary for the purposes of our or another party’s legitimate interests, except where these are overridden by your interests, rights or freedoms. For example:
We consider that our legitimate interests and these uses are proportionate, and compatible with your interests, legal rights or freedoms. Details of the balancing test undertaken in respect of such Processing is available upon request.
Where you provide your consent. For example:
Where we are legally permitted to do so and one of the general Permitted Purposes apply, we will Process Sensitive Information for one or more of the following additional Permitted Purposes:
Where the processing relates to Sensitive Information manifestly made public by you. For example, Sensitive Information included on your employer’s website, your LinkedIn profile, the press, or otherwise online and/or in public, which is Processed for one or more of the general Permitted Purposes.
Where it is necessary to protect your vital interests or that of another person where you/they are physically or legally incapable of giving consent. For example, the disclosure of your Sensitive Information to medical staff in the event of medical emergencies in circumstances where consent cannot be provided.
Where you provide your explicit consent, except where applicable law prevents it. For example:
We generally rely on our legitimate interests to Process your Personal Information for marketing purposes. We will inform you in advance of sending you marketing (unless this is reasonably obvious in the circumstances – for example, when you provide us with your business card during a formal meeting).
If you are concerned about cookies, most web browsers (Safari, Internet Explorer, Chrome etc) now recognize when a cookie is offered and allow you to opt-out of receiving it. You can also delete all cookies that are already on your browser. If you choose to do this, you may have to manually adjust some preferences every time you visit our websites and some services and functionalities may not work.
For more information about cookies and how to
disable and/or delete them, please visit allaboutcookies.org
Where you are known to us and have been added to our contacts database, we will: (a) use your marketing and content preferences, and other Personal Information you provide to us (including details of your attendance at, or interest in, events) in an identifiable format to build a profile for you; and (b) supplement this profile with information about how you use our website, review our content and interact with us. We use this profile to try and ensure that you only receive material and information from us that you are likely to find of interest.
You can change your preferences for receiving group marketing emails, regulatory updates and other information from us by emailing us at [email protected].
You also have the right to ask us not to process your Personal Information for marketing purposes – and can exercise the right at any time by sending us an email as above.
Electronic information is stored by us in the Cloud. All Microsoft Word, Excel and PowerPoint electronic information is encrypted and automatically uploaded and synchronised in the Cloud.
We will also at times need to share some of your Personal Information with select third parties, such as:
Our suppliers will usually be based in the United Kingdom. Other agents, consultants and professionals may be based in other countries.
Current or Potential affiliates and successors in title to our business, who may be based around the world.
Business partners (for example, law firms or financial/tax advisers and other professionals) with whom we collaborate to provide joint services to you.
Where disclosure is required by applicable rules and law, or by any court, tribunal, law enforcement, regulatory, public or quasi-governmental authority or department around the world.
If you attend an event organised or hosted by us, we may disclose your details to others who attend or participate in the organisation of that event (as notified to you).
Any other persons with whom we may interact on your behalf or at your request and/or where this is otherwise necessary in connection with the Permitted Purposes.
(collectively, “Select Third Parties”)
We do not disclose (or sell) your Personal Information to any other third parties.
This Processing will involve the transfer (sometimes via cloud computing) of some of your Personal Information to other countries whose privacy laws may not be as comprehensive to those where you are based. Where third party and/or cross-border transfers take place, we will put enhanced confidentiality and information security safeguards in place to ensure the lawfulness of the transfer, and protect your Personal Information. For further details, please see the Security of your Personal Information and data breaches section of this Notice below.
We operate technical, non-technical and procedural controls to safeguard your Personal Information (including protection against unauthorised or unlawful Processing and against accidental loss, destruction or damage). In particular:
We will keep these arrangements under regular review, taking into account security and compliance best practices, current risks, threats, vulnerabilities, mitigating controls, technology, and changes in applicable legal requirements.
If a data breach (leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, your Personal Information) occurs which is likely to result in a high risk of adversely affecting your rights and freedoms, we will inform you of this without undue delay. Where legally permitted, any such notifications will be made either via email, post or telephone.
We will only keep your Personal Information in an accessible form which can identify you for as long as we need to for the Permitted Purposes. As retention periods can vary significantly depending on the Permitted Purpose and the relevant jurisdictions concerned, it is not possible for us to commit to an overall retention period for all of your Personal Information held by us. For example, we are under legal obligations to keep certain records for specific periods which will usually extend after the end of a contractual relationship (including minimum statutory retention periods in respect of client due diligence documents – which vary from jurisdiction to jurisdiction).
As a result, we use certain categories and criteria to determine how long we keep certain of your Personal Information, and these are set out below. Where your Personal Information is used for more than one Permitted Purpose (and/or in more than one jurisdiction), there will be overlapping retention periods in respect of that Information. In such cases, we will retain your Information for the longer of those overlapping retention periods. We will also transfer paper files into, and store them in, electronic format where appropriate.
Personal Information Processed in connection with client matters. Up to 5 years after the date of our final bill for the relevant matter, unless:
Personal Information used for marketing purposes. For as long as you have not opted out of our marketing. If you ask us to no longer use your Personal Information for marketing purposes, we will need to retain certain of your details in our database to ensure that we do not accidentally send you marketing material.
Where we no longer require your Personal Information, we will take steps to delete or anonymise it. There will be circumstances where certain Information cannot be permanently deleted or anonymised, for example because it is stored in our back-ups for business continuity purposes.
In such cases, we will take appropriate steps to minimise (and pseduonymose where technically practicable) the Personal Information that we hold, and to ensure that it is: (a) not used in connection with any decision involving you; (b) not shared with anyone, except where we are legally required to do so (e.g. following a court order); (c) kept secure and virtually inaccessible; and (d) permanently deleted if, or when, this becomes technically possible.
The following privacy rights apply under the GDPR. Although applicable data protection legislation in relevant jurisdictions afford similar rights, there may be circumstances where some of these rights do not apply under or are modified by, local law. Further information can be sought from our privacy contacts. In the event of any inconsistency, the applicable local legislation will prevail.
You can ask us to provide you with privacy information about how we Process your Personal Information. That information is set out in this Privacy Notice, together with any other specific notices which are provided to you at the time of collection of your Information.
You can request us to confirm whether we Process your Personal Information. You can also ask us to access your Personal Information.
In the event that we hold inaccurate or incomplete Personal Information, you can ask us to rectify or complete that Information.
You can also ask us to erase your Personal Information. This right is not absolute and only applies in certain circumstances.
You can ask us to restrict the Processing of your Personal Information (or to suppress it) for a certain period of time. This right is not absolute and only applies in certain circumstances.
You can ask us to move, copy or transfer your Personal Information back to you or to another person under certain circumstances. This right only applies: (a) to Personal Information you have provided to us as a Data Controller; (b) where the Processing is based on your consent or for the performance of a contract; and (c) when processing is carried out by automated means.
You can ask us at any time to stop Processing your Personal Information for marketing purposes. Where there are legitimate grounds to do so, you can also object to us Processing your Personal Information on the basis of our legitimate interests and in certain other situations.
Where we are Processing your Personal Information on the basis of your consent, you can withdraw that consent at any time.
You have the right to: (a) ensure that any significant decisions affecting you are not made purely by automated means based on an online profile or other information (i.e. a person is involved in the decision-making), and (b) that you can express your views and to challenge the decision. We are also under obligations to ensure that any profiling is undertaken in a fair and transparent way.
For further details about these privacy rights under GDPR (including their limitations), please see the European Commission’s website.
To exercise your rights, please send a written and dated request (a “Request”) to [email protected]. Please note that:
We hope to address any enquiry or Request to your satisfaction, but if we do not, you have the right to lodge a complaint with the relevant data protection regulator in the country where you normally live or work, or where an alleged breach of data protection is said to have occurred (such as the Information Commissioners’ Office in England)
If you have any queries regarding this Privacy Notice or our processing of your Personal Information, please email us at [email protected].
this website is used by our visitors. By
continuing to use this site you are
giving us your consent to do this. If you
would like to see full details of our data