Version: 07 April 2021
A WORD TO OUR DATA SUBJECTS WHOSE INFORMATION WE COLLECT
1. WHO YOU ARE
You are a data subject whose personal data we have collected as part of our intelligence gathering research because it will be useful to our clientele. Because of your prominence and the amount of data we collect, it is not feasible to contact you individually to inform you of your rights under the the General Data Protection Regulation (EU) 2016/679 (“GDPR”) if you are an EU data subject and under the UK GDPR if you are a UK data subject (either may be referred to as “GDPR”). While the GDPR currently only applies to EU and UK citizens, we hope this notice will be helpful to all the data subjects who may be under other applicable data protection laws or may just want to know how we are processing their data and of their right to review and make corrections. Accordingly, we are providing this notice to you on our website.
2. WHO WE ARE AND WHO ARE OUR CUSTOMERS
BoardEx contains more than 2 million profiles of public, private, and non-for-profit organizations and more than 1.5 million people. Approximately 33% of individuals are currently serving on boards of companies, and 38% are either board members or C-Suite. Our data is collected from credible, published sources, and cannot be edited by users. Our data is powered by a team of 350+ skilled analysts who research, verify, and maintain millions of profiles.
Organizations within the Banking, Legal, Accounting, Consulting, Executive Search, Asset and Wealth Management, Private Equity, Corporate, and Academic and Not-for-Profit sectors utilize our data for their internal business purposes only.
3. THE RESEARCH DATA WE COLLECT
We use data gathered entirely from publicly accessible sources such as public registers, trade and industry references, professional directories, reliable print and broadcast media and company websites (we do not use blogs or user-edited content).
4. CATEGORIES OF DATA WE COLLECT ON YOU
The publicly-available data we collect on you relates to areas that our customers would find useful in pursuing a business relationship with you. In addition to providing your name, age, and business contact information, we provide your business and/or employment history and professional affiliations.
We may collect Special Categories of Data under Article 9 of the GDPR only if it is “manifestly made public” by you. We have employed engineering resources to modify our database technology so that access to fields of data can be restricted by us or our customers, as needed to protect your privacy.
5. HOW WE PROCESS YOUR DATA
We use a team of 350+ skilled analysts collect your data from publicly-available sources based on a data collection policy that is designed to ensure accuracy. Under this policy, for example, our data gathering criteria requires at least two independent sources of corroboration before it is accepted. Our hosted services are provided by Amazon Web Services (AWS) at their US-East-1 (N. Virginia) region. All AWS data centres are SSAE 16 certified and no third parties are permitted access to their data centres.
We take appropriate technical and organizational measures to ensure that your data remains secure. AWS is a leading provider of cloud servers and prides itself on its state-of-the-art security. You can read more about its security practices at https://aws.amazon.com/security/.
6. LEGITIMATE INTEREST
As part of our obligation under the GDPR, we have performed a comprehensive review of our data processing activities pursuant to a privacy impact assessment and believe that our processing is justified based on the legitimate interests of our customers and our business; further that such interests are not overridden by your rights and freedoms, particularly given your resources, newsworthiness, and prominence when balanced against the restricted and respectful, narrowly-tailored use we make of your data.
7. RETENTION OF YOUR DATA
Since we are in the business of providing intelligence gathering research, so long as you meet our criteria, we will maintain your data in our secure database. Periodically, we will clean up our database and remove data that no longer meet these criteria or that we no longer believe is useful.
8. INTEGRITY OF YOUR DATA
As indicated above, we employ a criteria process under our data gathering process that is designed to ensure the accuracy of the data. Despite these efforts, we cannot guarantee the accuracy of all our records. However, we do perform periodic review of the data and make updates when we identify or learn of error or needed updates. Much of the data we collect is historical and thus needs no updating.
9. ACCESS AND CORRECTION OF YOUR DATA
If you are located in the EU, UK or in a country that provides access and correction rights, we welcome your request to access, correct or update your data that we hold about you. You can request that we delete your information with respect to data that does not meet a lawful justification for processing as well.
If you wish to exercise these rights, please contact us by:
Data Protection Officer
Euromoney Institutional Investor
PLC8 Bouverie Street
London, EC4Y 8AX
We may need to check your identity prior to processing a request. We will do our best to respond to any questions and address any of your concerns. You also have the right to complain directly to the Regulator regarding the processing of your personal data with the UK Information Commissioner. You can contact them at the link provided or by post to:
Information Commissioner’s Office, Wycliffe House, Water Lane Wilmslow, Cheshire, SK9 5AF
10. CHANGES TO OUR POLICY
11. MORE INFORMATION
Data Protection Officer
Euromoney Institutional Investor PLC
8 Bouverie Street London, EC4Y 8AX
or by email at firstname.lastname@example.org.
© 2021 BoardEx. All rights reserved.