Privacy Notice & Cookies Policy
Another Day Limited, together with any subsidiaries and affiliates (“AnotherDay”), is registered in England & Wales under company number 10169026. AnotherDay understands and believes that privacy is important to our clients and the public, and that you care about how your personal data is used. We respect and value the privacy of all our clients and individuals we deal with, and will only collect, store and use personal data in ways that are described in this policy, and in a way that is consistent with our obligations and individuals’ rights under all applicable privacy and data protection laws including the Data Protection Act 2018 and the General Data Protection Regulation as incorporated into domestic UK law (herein “Data Protection Legislation”).
This privacy notice is for:
- Our clients, including their staff
- Our subcontractors/suppliers, including their staff
- Potential client, subcontractors/suppliers, including their staff
- Potential employees of AnotherDay
- Individuals whose data we process in the course of the services we provide to our clients –the services include: due diligence, threat intelligence monitoring and reporting, investigations in support of potential and ongoing legal proceedings, and risk consulting.
For additional in-depth information on data we process, the lawful basis, how we use and secure the data, please contact us using the details at the bottom of this notice.
What information do we collect?
We only collect personal information that you knowingly give us and that we have genuine use for in accordance with Data Protection Legislation. We collect your:
- full name
- email addresses
- job titles
- company names
- telephone numbers
- written messages (inc. website chat, contact form message, email correspondence etc.)
- employment history
- other personal data that we collect in the course of the services we provide to our clients – this may include: further identity data; special categories of personal data; criminal convictions data; social media handles; written or spoken word; directorships and shareholdings; and data on individuals’ reputations, backgrounds, assets and roles in events.
In further dealings with you, we may extend this to information such as agreements, services used and payment details.
How do we collect information?
We collect data from you when you submit online forms on our website, in person (e.g. exchange of business cards), over email and over the phone. Information may be provided by a third party who wishes to put us in contact (after their own consent).Sometimes, but seldom, we get details from public sources such as company websites and LinkedIn.
We also collect data automatically about your visit to our website, which may become paired with your personal information, please see our cookies section for more information.
When collecting data in the course of the services we provide to our clients, we may collect this data from: our clients; general internet searches; news sites and databases; social media searches; consented data databases; public records; third party sources with on-the-ground or specialist knowledge; or directly from you.
Why do we collect this information, and under what legal basis?
- To enable us to remain in contact with you. It is of legitimate interest to AnotherDay to stay in regular contact with current and prospective clients and subcontractors/suppliers to a) issue proposals and enter into agreements, b)maintain communications in the performance of a contract, c) to keep you updated on our business, products and services d) ultimately generate business or other benefit for either or both parties, and e) take or make payments. It is of legitimate interest to AnotherDay to do this to be able to successfully operate as a business. It is also necessary for entering into and performing a contract.
- To send you blog posts, white papers and email marketing. You will be explicitly asked to opt-in to receive these communications.
- To invite you to an event we host. It is of legitimate interest to AnotherDay to host events, both business and social focussed, to a) generate strategies and solutions within our industry, b) build relationships, and c) generate business for all parties.
- For administration of the website and analysis of website use. It is of legitimate interest to AnotherDay to track user interaction so we know which content is of greatest interest which in turn helps us develop more meaningful content. Please also see the Cookies section below.
- To carry out assessment of potential new employees and hire new employees. It is of legitimate interest to AnotherDay to hire employees to be able to successfully operate as a business. It is also necessary for entering into an employment contract.
- To carry out services to our clients. It is of legitimate interest to AnotherDay(and its clients) to collect and process data – AnotherDay’s purpose is to provide services to our clients, as such it is vitally important for AnotherDay to process data to achieve this purpose. We ensure our legitimate interests (or those of our clients or other third parties) do not override your own interests and rights.
We always ensure that we have a lawful basis for collecting and processing your data, and at least one of the following will always apply:
a) Consent: We may ask for your explicit consent, but you have the right to withdraw this consent at any time. You can do this by using the contact details at the bottom of this notice. We tend to not rely on consent where possible, and instead rely on one the following.
b) Contract: We may process data that is necessary in order to take steps to enter into a contract and to perform our obligations under a contract.
c) Legal obligation: We may process data that is necessary for us to comply with the law.
d) Vital interests: We may process data that is necessary in order to protect someone’s life.
e) Public task: We may process data that is necessary in order to perform a task in the public interest
f) Legitimate interests: We may process data that is necessary for our legitimate interests or the legitimates interests of a third party. In the main this is the interest of operating our business and providing services to clients. We always ensure our legitimate interests (or those of our clients or other third parties) do not override your own interests and rights, and do so by carrying out necessity and balancing tests.
Cookies
Cookies are very small text files that are stored on your computer or other device when you visit some websites. They are widely used to ‘remember’ you and your preferences, either for a single visit (through a ’session cookie’) or for multiple repeat visits (through a ‘persistent cookie’). They ensure a consistent and efficient experience for visitors, they help us develop more meaningful content, and they perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as ‘first party cookies’), or by other websites who serve up content on that site (‘third party cookies’).
We use a combination of session cookies and persistent cookies in order to track how you use and experience our website, build anonymous statistical data about how our website is performing, and to power the personalisation of website content to you. Some cookies are essential for our website to perform its basic functions, including those required to allow registered users to authenticate and perform account related functions, as well as to detect malicious/untrusted traffic.
Our website uses the following cookies:
You can choose to accept or decline cookies in your browser settings. Declining the use of cookies may prevent you from taking full advantage of the website. To find out more about cookies, including how to see what cookies have been set, and how to control and delete them, you can visit https://www.aboutcookies.org.uk/.
How do we secure your data
Protecting your data is of utmost importance to AnotherDay. We process data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures in compliance with Data Protection Legislation.
We only retain personal data for as long as necessary to fulfil the purposes for which we process it, or as required by law. Full details of retention periods are available in our data retention policy, available on request.
Your rights
Under Data Protection Legislation, individuals have a number of enhanced rights in respect of their personal data. These are:
The right to be informed
We must provide you with information about the data processing activities we carry out. This must be concise, transparent, intelligible, easily accessible, written in clear and plain language, and free of charge.
This Privacy & Cookies Policy provides you with this information. You can contact our Data Protection Representative for further detail on our data processing activities.
The right of access
We must provide you with confirmation that your data is being processed and access to your personal data. We must comply with any subject access request and we cannot charge a fee unless it is manifestly unfounded or excessive.
This Privacy & Cookies Policy provides you with confirmation your data is being processed. You can contact our Data Protection Representative to request all your personal data and details of processing, and we will provide all data and details within one month of your request.
The right to rectification
You have the right to have your personal data rectified if it is inaccurate or incomplete.
You can contact our Data Protection Representative to request rectification of any data that is inaccurate or incomplete, and we will do so within one month of your request.
The right to erasure/be forgotten
You have the right for your data to be erased where your data is no longer necessary in relation to the purpose for which it was collected/processed, or you withdraw your consent, or your data was unlawfully processed or has to be erased in order to comply with a legal obligation.
You can contact our Data Protection Representative to request erasure of any data. We will do so within one month of your request, except where it is processed: to exercise a right of freedom of expression and information; or to comply with a legal obligation or for the performance of at ask of public interest; or for the exercise or defence of legal claims; or for purposes relating to public health, archiving in the public interest, scientific/historic research or statistics. If we have disclosed your data to third parties, will also inform them of the erasure.
The right to restrict processing
You have the right to restrict the processing of your data where you have contested its accuracy, or objected to the processing and we are considering a legitimate ground which overrides this, or where processing is unlawful, or where we no longer need it but you require it in the process of a legal claim.
You can contact our Data Protection Representative to request restriction of processing, and we will do so within one month of your request. We will further inform you before any restriction is lifted. If we have disclosed your data to third parties, will also inform them of the restriction/erasure.
The right to data portability
You have the right to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This only applies to data that you have provided, where the processing is based on consent or performance of a contract, and where processing is carried out by automated means.
You can contact our Data Protection Representative to request portability of your data, and we will provide it in Microsoft Excel format, to you or directly to another organisation if requested, within one month of request.
The right to object
You have the right to object to the processing of your data, even if we believe it is legitimate to do so.
You can contact our Data Protection Representative to object to the processing of your data. We will immediately stop processing unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms (such as performance of a task in the public interest or exercise of official authority) or the processing is for the establishment, exercise or defence of a legal claim.
Rights related to automated decision making and profiling
You have the right not to be subject to a decision based on automated processing that results in a legal effect on you or significantly affects you in some other way. Profiling is any form of automated processing of personal data to evaluate certain personal aspects of an individual, in particular to analyse or predict certain things, including health.
We do not use your data in this way.
AnotherDay is the Data Controller (as defined by Data Protection Legislation) in terms of the personal data it processes. In the course of providing services to our clients, we can be either a joint Data Controller or Data Processor.
We have assessed that we are not required to formally appoint a Data Protection Officer (DPO) under Data Protection Legislation. However, as part of our commitment to privacy, we have designated our Chief Financial Officer, Tim Townsend, as our Data Protection Representative with the roles and responsibilities of a DPO. If you wish to submit a Subject Access Request, or if you have any concerns as to how your data is processed, or if you would like to know more about how we process, store and secure your data, you can contact Tim using the following details:
Tim Townsend
Email: tim.townsend@another-day.com
Address: Another Day Limited, Holborn Gate, 26 Southampton Buildings, London WC2A 1AN
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
AnotherDay may change this notice and policy from time to time by updating this page, which was last updated on 10th February 2022. You should check this page regularly to ensure that you are happy with any changes.