Privacy

1. Who we are and the purpose of this policy

Who are we and how to contact us

We are SB Strategic Advisory Limited, trading as Silverbridge.   We are a company incorporated in England and Wales, with registered number 13681162 and registered office at The Smiths Building, 179-185 Great Portland Street, London W1W 5PL.  We are registered with the Information Commissioner’s Office, registration number ZB245506. Our email address is: contact@silverbridgeintelligence.com

Purpose of this privacy policy

This privacy policy addresses how Silverbridge collects and processes personal data that you  choose to provide to us or that we need to process in the course of operating our business. 

Changes to our privacy policy

We keep our privacy policy under regular review and so it may be updated periodically to take into account changes in laws, regulations, and industry standards.  Notice of any change may be by posting a notice on our website or by other means, consistent with applicable law.  

2. The data we process

Silverbridge is considered a controller of any personal data where we determine the means and method of the processing.  For example, we are a controller of any personal data collected through this website, or for any marketing or client relationship management purposes, or where we need to collate and analyse personal data to provide our service to clients or where processing of personal data is used for compliance with our own internal procedures or legal and regulatory requirements. Additionally, we may process personal data as a data processor upon the instructions of our clients. 

We may collect, use, store and transfer different kinds of personal data which we have grouped together as follows:

  • Data of our clients: for example, client contact details, client business information, client project information, necessary financial and billing information, information to maintain client relationships, records of work done, key contacts for a particular project.  We collect this in order to operate our business and in order to fulfil our contracts with our clients and to comply with any legal or regulatory obligations. 

  • Data of our website visitors: for example, information we collect through our cookies (about the way in which our website is used), information you choose to provide to us through our “contact us” page.  We collect this in order to operate our business and respond to queries and potential business enquiries. 

  • Data we are asked to collect by our clients: Please section 7 below.

Children

We do not knowingly collect or process personal data from children, and no part of our service is directed to them.

3. How is personal data collected?

We use different methods to collect personal data including through:

  • Direct interactions. You may choose to provide us with information (through our website, over the phone or other online means, in person or otherwise) relevant to your business or a particular project.   

  • Third-Parties.  We may collect data from third-parties, including publicly available information from our business partners and otherwise as set out in section 7.

4. Sharing personal data

We may share personal data with the following parties where we have lawful grounds for doing so and in compliance with out data security obligations outlined at 6 below: 

Third party service providers 

  • Service providers acting as processors who provide our IT and system administration services and cloud service providers.

  • Our third-party partners, agents and sub-contractors who are contractually bound to us to provide a particular service to us to facilitate our business.   

Other Third Parties

  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

  • Regulators and other public authorities including law enforcement agencies where required by law. 

  • Our clients and their advisers where they have a lawful basis for processing personal data.

  • In connection with, or during negotiations of, any merger, sale or transfer of company assets, financing or acquisition of all or a portion of our business.

5. International transfers

We may transfer personal data outside the UK/EEA in our performance of the services. Some of our clients and third party service providers are based outside the UK/EEA.   We always endeavour to ensure a data transfer is secure and protected by the same standards expected in the UK. Unless a specific derogation applies, when we transfer personal data out of the UK or the EEA, we ensure an appropriate degree of protection is afforded to it by ensuring one of the following safeguards is implemented:

  • We may transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or the UK’s Information Commissioner’s Office (ICO).

  • We may use specific contracts approved by the European Commission or ICO which aim to give personal data the same protection it has in the EEA and United Kingdom.

6. Data security

We take security of our systems seriously.  We have put in place commercially reasonable security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process personal data on our instructions, and they are subject to a duty of confidentiality.

7. Data collected and processed for our clients

In the course of providing our services to clients, we may process personal data on individuals who are the subject of, or relevant to, those services.  We may collect data through interviews with suitable individuals and we may also collect data through open-source research including public records, online searches, news aggregators and specialist databases.

In accordance with data protection laws, where we collect and process personal data for the purpose of certain services we provide to clients, we do not provide direct access to this privacy notice to individuals affected by those services where to do so would seriously impair the objectives of that processing.  However, at all times we take appropriate measures to protect any data subject’s rights and freedoms and legitimate interests and the information about our processing in this way is made publicly available in this website notice. 

Further, we conduct Data Processing Impact Assessments, to ensure that any data collection and processing is in accordance with data protection law.  The lawful basis for such data processing will vary depending on the nature of the project, but will include where the lawful basis is:

a) necessary for the purpose of our or our client’s legitimate interests. These interests may include ensuring that the client does not take actions that could result in legal liability, reputational impact or other adverse effects;

b) necessary for the prevention or detection of an unlawful act;

c) necessary for the establishment, exercise or defence of a legal claim;

d) where it is in the vital interest of the data subject or a third party.

Where we need to process sensitive personal data, we ensure we have a compelling reason for doing so and that such processing is in accordance with data protection laws. 

Individuals whose data is processed during the course of our client services have the same rights as all other data subjects and personal data processed in this manner is subject to the same safeguards as set-out in applicable law and this Privacy Policy.

8. Data retention

We will only retain personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain personal data for a longer period in the event of a complaint, if we reasonably believe there is a prospect of litigation, or as required or permitted by applicable law.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

9. Data subjects’ rights

Under certain circumstances, anyone whose data we hold (a data subject), has rights under data protection laws. The following rights may be available depending on the particular circumstances:

  • Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and certain information to check that we are lawfully processing it. 

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there are valid grounds for doing so and subject to applicable law. 

  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

· If you want us to establish the data’s accuracy.

· Where our use of the data is unlawful but you do not want us to erase it.

· Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.

· You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

  • Right to data portability. You may have the right to receive certain of your information in a structured, commonly used and machine-readable format and to transmit such information to another controller.

  • Object to processing of your personal data where we process your data based on legitimate interest.  We will assess your objection and determine whether we have any compelling legitimate grounds or legal justification for continued processing.  

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. 

  • Right to complain. We would like to address any complaint that you may have directly so please do contact us should you need to.  You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). You may also direct your complaint or concern to your local data protection authority. 

Please contact us for further information.