Your information is very important to us and we look after your information carefully in line with the latest data protection and privacy laws.
Below, we have set out more detail on those laws and on what information we collect about you and how we use that information.
Please do read this policy so you know what we are doing with your information.
The rights of individuals are protected by the General Data Protection Regulation (Regulation EU) 2016/679) and/or any English law replacement of the same and the Data Protection Act 2018 (the “Data Protection Legislation”). These impose restrictions and controls over the way that ESMA collects and uses personal data.
- What is personal data?
“personal data” is information relating to a living individual where the individual can be identified from the data, or the individual can be identified from that data combined with other information held by us (or likely to come into our possession). This might include a name, address, telephone number, email address or photograph. It could also include identifiers such as an identification number or a pseudonym. It does not include anonymised data, where the identity has been permanently removed and cannot be matched back to an individual through other data held so that it is no longer possible to identify an individual.
- What are special categories of data?
“special categories of personal data” is data which includes more sensitive or personal information about an individual. This might include information relating to an individual’s racial or ethnic origin, physical or mental health, religion, or criminal offences.
- What services does this policy cover?
This policy covers all of the services available on Platform (“Services”) and any reference to “you” or “your”, means you as user of our Services. This policy applies to the collection and use of your information by us and parties that we use to deliver the Services (such as our suppliers and sub-contractors).
- What information does ESMA collect?
What information we collect about you depends which of our Services you are using or providing. The information that we may collect includes:
- your name, address, postcode, email address, telephone number, photograph, examination grades, work experience, extra-curricular activities, date of birth, gender and/or ethnicity;
- information about your use of or delivery of Services including details of the content you viewed on our Platform, how long you stayed and on which pages, and your navigation around the Platform; and
The Data Protection Legislation gives you the right to access information held about you. Your right of access can be exercised in accordance with Data Protection Legislation. Any access request is free of charge.
- When and how do ESMA collect information?
We (or our authorised third parties) may collect information about you:
- when you register to receive Services;
- when you contact us with an enquiry or other feedback;
- in monitoring your use of the Services including (without limitation) communications sent by you via the Services;
- through the use of “cookies” and/or other devices. For full details, see the section entitled “Cookies and similar devices” below;
- when you disclose your personal information to us or otherwise through the Services at any other point;
- from third party suppliers who have confirmed to us that they are authorised to pass your information to us in accordance with your legal rights.
- How will ESMA use my information?
Your information may be used by us and our authorised third parties to:
- assist in and administer the provision of Services to you;
- monitor, develop and improve the Services and/or your experience;
- process and deal with any complaints or enquiries made by or about you;
- contact you with further information about our Services (if you have requested to receive this).
- Do we disclose your personal data to third parties?
We may disclose your personal data to third parties:
- to third parties authorised by us and acting on our behalf such as our employees, contractors, suppliers and/or agents including without limitation our customer care teams to administer the Services provided to you by us now or in the future;
- where we have your consent to do so, for marketing communications;
- as part of general, statistical information about the Services’ user base, traffic volumes and related matters. These details will not include information personally identifying you;
Please note this policy does not cover companies, services or applications that we do not own or control, or people that we do not employ or manage, including (without limitation) platforms, websites or applications/widgets provided by third parties.
- What are ESMA’s legal grounds for processing my information?
We will only process your personal information where we have legal grounds to do so. Generally, we will only process it on the following grounds:
- you have given consent for the processing. When we rely on consent to process your personal information, you will always have the right to withdraw this consent either by clicking the ‘unsubscribe’ button if there is one or by emailing us at: email@example.com; or
- the processing is necessary for the purposes of the legitimate interests pursued by ESMA or an authorised third party.
- Will I be sent marketing messages?
We will only send you information about our Services if you indicate that you wish to receive such messages (e.g. by “opting-in” by ticking a tick box). Where we have your consent or are otherwise permitted to do so, we may send you information by email, telephone (including SMS and MMS), mail or other methods of communication.
To stop receiving marketing communications from us, you can use the ‘unsubscribe’, ‘stop’ or similar facility contained in any such communication or you can email us at: firstname.lastname@example.org, stating that you do not wish to receive further communications from us.
- How long will ESMA store my personal data?
Unless you request that we delete your information we will keep your information until you no longer require access to or provide the Services.
- Cookies & similar devices
In addition, in common with many other online services, we and our authorised third parties may use “cookies” and/or other tools to store and sometimes track information about you in accordance with paragraphs 14 to 16 inclusive below.
- What are cookies?
Cookies are small files of letters or numbers. These files are stored in the memory of your computer (or relevant device) or are placed on the hard drive of your device. Those stored on your device are generally known as session cookies. Those stored on your hard drive are generally known as persistent cookies.
You can find out more about cookies, including how to disable / enable and delete them, at the following website: allaboutcookies.org.
We use two types of cookies on our Platform:
- Google Analytics cookies – these provide us with analytical information about the use of our services; and
- Authentication cookies – these are used for registration and login authentication.
We use these cookies to help provide and review our services, for example to:
- allow you to access your stored information you have registered with us;
- count the number of visitors to our Platform; and
- see how you and other users move around our Platform.
You can block the cookies that we use by activating the settings on your browser that allow you to refuse the setting of all or some cookies. However, if you block all cookies (including essential cookies) you may not be able to access parts of our services, or you may experience reduced functionality when accessing certain services.
- When do my cookies expire?
Most cookies will expire at the end of your current session on our Platform, but some have an extended lifespan.
- How can I turn cookies off?
You can block most cookies by activating the setting in your browser that allows you to refuse the setting of all or some cookies.
- Are my details safe?
We endeavor to take all reasonable steps to protect your personal information. We are careful to choose storage facilities that we have had assessed and we are confident are suitably secure to store your information.
Please always think carefully before disclosing information to other users of the Platform or otherwise making your information publicly available. It is important that you are aware that any information you disclose to another user of the Platform may then be disclosed by that user. We have no responsibility or control over the contents of communications made between users of our Services.
- What are my rights?
Any personal information you supply will be treated in accordance with the Data Protection Legislation.
We are committed to delivering the rights that individuals are entitled to. These are:
- the right to request a copy of the personal information we hold about you. To do this, please contact us at: email@example.com, making clear that you are requesting a copy of your personal data and including full details of what you require. You may also be required to submit a proof of your identity;
- the right to object to your personal information being used for direct marketing. We will give you the ability to object to this, and where required we will ensure we obtain your consent before undertaking marketing;
- the right to object to your personal data being processed where the legal basis for the processing is our own legitimate interests as a business (see the ‘legal basis for processing’ section above). We will comply with such a request unless there is a lawful reason for not doing so, such as, when we need to continue to process your data to defend a legal claim or comply with safeguarding rules, regulations and legislation;
- the right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete personal data;
- the right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your personal data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit from certain service features for which the processing of your personal data is essential;
- the right of erasure. You may request that we erase your personal data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your personal data, such as, a legal obligation that we have to comply with;
- the right to data portability. In certain circumstances, you may request that we provide your personal data to you in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services to us. Where this right is applicable, we will comply with such transfer as far as it is technically feasible; and
- the right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your personal data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.
- How can I change my details?
Where you register your details for certain Services and open a user account with us, you can then use that to access and log on to use those Services. You may change or update some of your details at any time via your account. If you are not registered for these Services but wish to update your details then please contact us at: firstname.lastname@example.org You should please make sure that you update your details as soon as possible with all relevant changes.
- Data controller
Data Controller: LEXJAM CONSULTING LIMITED (11861318), James House, 70 Chipstead Park, Sevenoaks, Kent, England, TN13 2SH. Our Data Compliance Manager is Barry Murphy. You can contact our Data Compliance Manager in writing using the following contact details: email@example.com. The tasks of our Data Compliance Manager include (for example) monitoring our compliance with applicable data protection laws and acting as contact for individuals whose data is processed by us.
- Contact ESMA
If you would like to discuss any aspect of this policy or the way ESMA processes your information please contact: firstname.lastname@example.org