Black Sun Plc ("Black Sun", "we", "us", or "our") is strongly committed to protecting Personal Data. This notice describes why and how we collect and use Personal Data and provides information about individual's rights.
It applies to Personal Data provided to us, both by individuals themselves or by others. We may use Personal Data provided to us for any of the purposes described in this Privacy Notice or as otherwise stated at the point of collection.
Personal Data is any information relating to an identified or identifiable living person. Black Sun processes Personal Data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using Personal Data, our Notice is to be transparent about why and how we process Personal Data. To find out more about our specific processing activities, please go to the relevant sections of this notice.
We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards and our information security management system relating to confidential data is independently certified as complying with the requirements of ISO/IEC 27001:2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
We will only collect and/or process your Personal Data in accordance with applicable data protection and privacy laws.
In the majority of cases, we process your Personal Data for all of the purposes identified below on the basis that it is in our legitimate interests (for example, to allow us to provide you with our services; to monitor, analyse and improve our services), or the legitimate interests of third parties with whom we share your data, to carry out these activities.
Some of our processing is necessary for compliance with legal obligations (for example, for security and fraud prevention).
Where we cannot rely on another legal basis (for example, in respect of the use of your Personal Data for email marketing purposes) we process this on the basis that we have obtained your consent to do so.
Visitors to our websites are generally in control of the Personal Data shared with us. We receive Personal Data, such as name, title, company address, email address, and telephone numbers, from websites’ visitors; for example when an individual subscribes to updates from us, registers for an event, or requests research materials. Visitors are also able to send an email to us through our websites. Their messages will contain the user’s name and email address, as well as any additional information the user may wish to include in the message.
We use small text files called ‘cookies’ which are placed on your hard drives to assist in personalising and enriching your browsing experience by displaying content that is more likely to be relevant and of interest to you. The use of cookies is now standard operating procedure for most websites. However if you are uncomfortable with the use of cookies, most browsers now permit users to opt-out of receiving them. You need to accept cookies in order register on our websites. You may find other functionality in the website impaired if you disable cookies. After termination of the visit to our websites, you can always delete the cookie from your system if you wish. You can find out more details regarding our use of cookies on our Cookies page.
When a visitor provides Personal Data to us, we will use it for the purposes for which it was provided to us as stated at point of collection (or as obvious from the context of the collection). Typically, Personal Data is collected to:
Our websites may contain links to third party websites and features. This Notice does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any data to them. For example, we may link to social media pages through widgets, or we may provide links to industry reports.
Personal Data collected via our websites will be retained by us for as long as it is necessary (e.g. for as long as we have a relationship with the relevant individual). Once the period above has concluded, we will either:
We have security measures in place at our offices, including sign in procedures and building access controls. We require visitors to our offices to sign in at reception and keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to look into an incident). Once the period above has concluded, we will permanently destroy the relevant Personal Data;
Black Sun processes Personal Data about contacts (existing and potential Black Sun clients and/or individuals associated with them) using a customer relationship management system (the “Black Sun CRM”).
The collection of Personal Data about contacts and the addition of that Personal Data to the Black Sun CRM is initiated by a Black Sun user and will include name, employer name, contact title, phone, email and other business contact details. In addition, the Black Sun CRM may collect data from Black Sun email (sender name, recipient name, date and time) and calendar (organiser name, participant name, date and time of event) systems concerning interactions between Black Sun users and contacts or third parties.
Personal Data relating to business contacts may be visible to and used by Black Sun users to learn more about an account, client or opportunity they have an interest in, and may be used for the following purposes:
Black Sun does not sell or otherwise release Personal Data contained in the Black Sun CRM to third parties for the purpose of allowing them to market their products and services without consent from individuals to do so.
Personal Data will be retained on the Black Sun CRM for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a business contact). Once the period above has concluded, we will either:
We collect and process Personal Data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients.
We use Personal Data for the following purposes:
We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Personal Data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights. Once the period above has concluded, we will either:
When applying online for jobs at Black Sun, any Personal Data provided by you to us will only be used to facilitate the transfer of information for recruitment purposes.
We usually collect Personal Data directly from you when you apply for a role with us, such as your name, address, contact information, work and educational history, achievements, desired salary expectations, and test results.
We use Personal Data for the following purposes:
We may also analyse your Personal Data to improve our recruitment and hiring process and augment our ability to attract successful candidates.
We process your Personal Data for the purposes described above when:
We retain job applications for a period of 12 months, however we may desire to retain your personal data to consider you for future employment opportunities. In such an event, we will seek your consent, either prior to or after you formally apply for a job opportunity, to be part of one of our recruiting programmes. Once the period above has concluded, we will either:
If you submit your application for one of our roles, but subsequently wish to withdraw your application, please contact us at [email protected].
Third Parties Designated by You: We may share your Personal Data with third parties where you have provided your consent to do so.
Our Third Party Service Providers: We may share your Personal Data with our third party service providers who provide services such as data analysis, distribution partners, resellers, HR services, information technology and related infrastructure provision (such as Amazon Web Services), customer service, email delivery, auditing and other similar services. These third parties are only permitted to use your Personal Data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your Personal Data.
Corporate Restructuring: We may share Personal Data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
Other Disclosures: We may share Personal Data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Notice; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.
International Data Transfer
We may be required to transfer your information, including Personal Data that we collect from you, outside the country in which you reside where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. To ensure that your Personal Data receives an adequate level of protection and is treated securely, we will put appropriate safeguards in place to protect the privacy and integrity of such Personal Data.
Individuals have certain rights over their Personal Data and data controllers are responsible for fulfilling these rights. Where we decide how and why Personal Data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
You have a right of access to Personal Data held by us as a data controller. This right may be exercised by emailing us at [email protected]. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits.
To update Personal Data submitted to us, you may email us at [email protected]. When practically possible, once we are informed that any Personal Data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.
Where we process Personal Data based on consent, individuals have a right to withdraw consent at any time. We do not generally process Personal Data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your Personal Data please email us at [email protected] or, to stop receiving an email from a Black Sun marketing list, please click on the unsubscribe link in the relevant email received from us.
This Privacy Notice is intended to provide information about what Personal Data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the Personal Data we hold, such as a right to erasure/deletion, to restrict or object to our processing of Personal Data and the right to data portability. Some of these rights will only be available from 25 May 2018.
If you wish to exercise any of these rights, please contact us using the details above. In your request, please make clear: (i) what Personal Data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event, within the legally required time limits. Please note that we may need to retain certain information for recordkeeping purposes, legal purposes and/or to complete any transactions that you began prior to requesting such change or deletion.
If you want to complain about our use of Personal Data, please send an email with the details of your complaint to us at [email protected]. You also have the right to lodge a formal complaint with a data protection authority. For further information, refer to the UK data protection regulator (Information Commissioner’s Office/ICO) website:
https://ico.org.uk/for-the-public/raising-concerns/.
This Privacy Notice was last updated on 16th May 2018. We recognise that transparency is an ongoing responsibility so we will keep it under regular review. All changes we make will be described on this page. When required by law, we will notify you of any changes.
Black Sun Ltd, Registered in England, Registered number: 01557279
Registered office: Fulham Palace, Bishops Avenue, London SW6 6EA