ONQOR Group Investments Holdings LTD –  UK Privacy Policy

Hello! We figure you’re here because you want to know how we look after your information when you use our website, services or products.  Our lawyers tell us that we have to give you loads of detail, so we’ve set out a roadmap below of the key points which you can click on for the detail.

1. Who we are

2. What information we collect and use

3. Where we get your information

4. What we do with your information

5. Who we share your information with and why

6. How we store and how long we keep your information

7. Your rights in relation to your information

1. Who we are
   1. We are ONQOR Group Investments Holdings LTD, English company number 10860605 with registered office at Unit 1 326A Angel Gate, City Road London EC1V 2PT trading as Get Agency Work, Weblok, [please list the various trading styles used] and any new trading styles adopted from time to time.
   2. We are responsible for looking after information we collect from you, keeping it safe and using it lawfully.  If you feel there’s a problem with how we are doing that, please contact us here: contact@onqor.co.uk
   3. Our platforms may provide links to third party websites – we are not responsible for these and this policy does not apply to them.
2. What information we collect and use
   1. The information we collect and use falls into various categories:
      1. identity – first name, last name, username or similar identifier, title and gender;
      2. contact – email address, billing address, delivery address and telephone numbers;
      3. financial – payment card, bank account details;
      4. transaction – services or products purchased from us and payments made to us, phone call, email, bug Report and project request Logs, meeting notes and recorded phone conversations;
      5. technical – IP address, login data, web browser type and version, time zone setting and location, browser plug-in types and versions, operating system and other specifications of devices used to procure our services or products or access our platforms;
      6. profile – username and password, orders, purchases, and feedback, preferences, interests and survey responses, social media accounts;
      7. usage – how our services, products or platforms are used, including a list of URLs comprising a referring website and the website you exit to; and
      8. marketing and communications – marketing and communication preferences.
   2. We don’t collect or use the sort of personal information that is considered sensitive: race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, criminal convictions, information about your health or genetic and biometric data.
3. Where we get your information
   1. Most of the information we collect about you is provided directly by you when you (i) register with us, (ii) use our services or products, (iii) make payments to us, or (iv) send us feedback or any other written communications.
   2. We also receive information indirectly when you use our website [and from analytics and advertising services] – this is set out here: Cookies
   3. What we do with your information
   4. Mostly, we use your information to provide you with services and products. What we do with your information and how this is lawful is set out here: Use
   5. We don’t generally ask you to consent to our use of your information except for sending you marketing. For the delivery of direct marketing to you via e-mail, we’ll need your consent, whether via an opt-in or soft-opt-in:
      1. a soft opt-in consent is a specific type of consent which applies when you have previously engaged with us (e.g. you have contacted us to ask us for more details about a particular product or service, and we are marketing similar products or services). Under “soft opt-in” consent, we will take your consent as given unless you opt-out; and
      2. for other types of e-marketing, we are required to obtain your explicit consent – that is, you need to take positive and affirmative action when consenting.

If you are not satisfied about our approach to marketing, you have the right to withdraw consent at any time.

1. Who we share your information with and why
   1. We may share your information with certain third parties, being those who provide us with (i) our IT infrastructure, (ii) consultancy, banking, legal or accounting services, (iii) payment processing for services or products you purchase from us, (iv) any of our group companies or affiliates to provide services across our group, and (v) other service providers who we use as subcontractors.
   2. We have agreements in place to require such third parties to respect the privacy and security of your information. They are not allowed to use your information for their own purposes but only for the purposes we have specified and in accordance with our instructions.
   3. We do not transfer your personal information outside the [UK / EEA].
   4. If we sell, transfer or merge parts of our business or if we acquire or merge with other businesses, we will share your information with the new owner who will use it in accordance with this privacy policy.
2. How we store and how long we keep your information

Your information is stored securely on Pipedrive / Salesforce, our client relationship management platform which has 256-bit military grade encryption.  We are certified to ISO 27001, the leading international standard for information security.

We only keep your information for as long as we need it – either for the purpose for which we collected it or where we need it to comply with any legal, regulatory, tax, accounting or reporting requirements. Details of how long we keep your information are available in our retention policy which you can find here.

1. Your rights in relation to your information

As you’ll have gathered, we’re keen on you knowing how you can control use of your personal information. The law gives you various rights here (click on the bold words for more detail):

1. 1. 1. request access, correction or erasure your personal information;
      2. object to or restrict our use of your personal information;
      3. request transfer of your personal information and withdraw consent to our continued use.Uses

The ways we may use your personal information and the legal bases we rely on to do so are set out below:

Activity	Type of information	Lawful basis for use
assess prospective clients who may wish to obtain products or services from us	identity and contact	performance of a contract with you necessary for our legitimate interests (promoting or providing our products and services to you or your organisation)
register you or an entity you represent as a new client	identity and contact	performance of a contract with you necessary for our legitimate interests (promoting or providing our products and services to you or your organisation)
perform our contractual obligations to you or enforce your contractual obligations to us including: (i) managing payments, fees, and charges; and (ii) collecting and recovering money owed to us	identity, contact, financial and transaction	performance of a contract with you necessary for our legitimate interests (to recover debts due)
manage our relationship with you, including: (i) notifying you about changes to our terms of business or policies; (ii) contacting you about products or services we provide to you; and (iii) asking you to leave a review or take a survey	identity, contact, profile, marketing and communications	performance of a contract with you necessary to comply with a legal obligation necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services)
administer and protect our business including: (i) financial risk assessment, preventing money laundering, fraud or other wrongdoing; (ii) contacting credit reference agencies and making credit related decisions; (iii) troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data	identity, contact, technical	necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) necessary to comply with a legal obligation
use data analytics to improve our products, services, platforms, marketing, customer relationships and experiences	technical, usage	necessary for our legitimate interests (to define types of customers for our products and services, to keep our platforms updated and relevant, to develop our business and to inform our marketing strategy)
make suggestions and recommendations to you about products or services that may be of interest to you	identity, contact, technical, usage, profile, marketing and communications	necessary for our legitimate interests (to develop our products / services and grow our business)

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Our legitimate interests include the following activities so long as we do them in a way that doesn’t unfairly affect your privacy:

• supplying services to you;
• protecting users, employees, and other individuals and maintaining their safety, health, and welfare;
• promoting, marketing, and advertising our products and services;
• personalising communications or content within emails or on our platforms;
• understanding users’ behaviour, activities, preferences, and needs;
• improving existing and developing new products and services;
• preventing, investigating, and detecting crime, fraud, bullying, harassment, discriminatory or other anti-social behaviour and taking action against perpetrators, including working with law enforcement agencies;
• protecting our business, its users, and partners, by taking appropriate legal action against third parties who have committed criminal acts, or breach their legal obligations to us; and
• fulfilling our duties to our users, partners, colleagues, shareholders and other stakeholders.

Your legal rights 

You can:

• request access – to information we hold about you – we will not charge you for this, unless your request is “manifestly unfounded or excessive”. We may refuse your request in a limited set of circumstances where that is  legally permitted but if we do so we will tell you the reasons why;
• request correction – of any incomplete or inaccurate information we hold about you, though we may need to verify the accuracy of the new information you provide to us;
• request erasure – of information we hold about you where there is no good reason for us continuing to process it;
• object – to us using information we hold about you where we are relying on a legitimate interest and there is something about your particular situation which makes you feel it unfairly affects your privacy;
• restrict – our use of information we hold about you by having us temporarily suspending its processing:

(i) if you want us to establish if such information is accurate;

(ii) where our use of the information is unlawful, but you do not want us to erase it;

(iii) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; and

(iv) where you have objected to our use of your information, but we need to verify whether we have overriding legitimate grounds to use it.

• request transfer – of information we hold about you (to you or a third party) in a structured, commonly used, machine-readable format. Note that this right only applies to personal information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• withdraw consent  – to our continued use of information we hold about you where we are relying on consent for such use (this will not affect the lawfulness of anything we did before you withdraw your consent). If you do so, we may not be able to provide certain products or services to you and we will tell you if this is the case at the time.

Cookies

1. Use of cookies
   1. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the operator of the website.
   2. We use the following types of cookies:
      1. strictly necessary cookies – required for the operation of our website – they include, for example, cookies that enable you to log in to secure areas of the website, use a shopping cart or make use of e-billing services;
      2. analytical / functionality cookies – allow us to recognise visitors and to see how they use our website which enables us to remember your preferences, personalise content for you and  improve functionality, for example by ensuring that users find what they are looking for easily.
      3. [targeting cookies – record the pages you have visited on our website and the links you have followed so we can make our website and the advertising displayed on it more relevant to your interests – we may also share this information with third parties for related purposes.]
   3. More information about the cookies used and what they are for are set out below:

Cookie type	Name	Purpose
analytical/ functionality	[Google Analytics	This cookie helps us to: (a) Estimate our audience size and usage pattern. (b) Understand how visitors navigate to and through the Site. (c) Track the effectiveness of digital marketing campaigns. (d) Recognise you when you return to the Site. You can find out more about Google Analytics here.
targeting	Google AdWords Conversion Tracking	This cookie helps us to deliver targeted online adverts based on your previous visits to the Site. These cookies expire within 30 days and do not contain information that can identify you personally.  Please refer to the Google Advertising Privacy Notice  and Google Privacy Policy for more information.
targeting	Google AdWords Remarketing	This cookie helps us to deliver targeted online adverts based on your previous visits to the Site. Please refer to the Google Advertising Privacy Notice for more information about the ability to opt out and Google Privacy Policy.
targeting	Google Tag Manager	This cookie helps us to understand visitor information and the source of visits. You can find out more about Google Tag Manager here.]

1. How do I change my cookie settings?
   1. Most web browsers allow some control of most cookies through the browser settings. You can delete cookies but this typically removes any personalisation settings you’ve made and can impact the user experience.
   2. To find out more about (i) cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org, (ii) how to manage cookies on popular web browsers: Google Chrome, Microsoft Edge, Mozilla Firefox, Opera ,Apple Safari – for  other browsers visit their developer’s website.
   3. [To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.]