Privacy Policy

This privacy policy describes how Matthew Penn Ltd and Matthew Penn Associates collects and uses personally identifiable information (personal data) in accordance with the EU General Data Protection Regulation (“GDPR”) which came into effect on 25th May 2018.

It is important for you (as an individual who provides us with personal data) to understand how we use (or process) personal data, including that which we collect about you during your visit to this website and our other websites, and which we process more generally in accordance with this policy.

Matthew Penn Ltd and Matthew Penn Associates are the data controllers of all such personal data and aim to always process personal data fairly, lawfully, and transparently. However, if you are unhappy with the information provided in this policy or have any broader questions or concerns please email info@matthewpenn.com. If you remain dissatisfied you may raise any issue directly with the Information Commissioner’s Office (who can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or via www.ico.org.uk).

Personal Data Collection

When you submit your personal data on this website or another website controlled by Matthew Penn Ltd and Matthew Penn Associates, you are agreeing to the processing and transfers of your personal data as set out in this privacy policy. This includes when you complete the contact form or subscribe to our mailing lists for information, invites, and updates.

More generally, and subject to this policy, personal data may also be collected from publicly available records or from other sources and affiliates.

The types of personal data we collect and process may include:

(1) basic information (name, address, date of birth, nationality, gender, etc)

(2) contact information (address, telephone, and e-mail addresses)

(3) financial information (certain limited bank account or credit card details)

(4) website information (IP address, location information, weblogs etc)

Sensitive personal data is neither requested nor collected by us generally. Sensitive personal data includes, for example, information relating to race or ethnic origin, religious beliefs, and health. If you do provide us with sensitive personal data because we have agreed between us that such disclosure is necessary, you must also explicitly consent to us using it for the purposes for which it has been provided.

Section 2: Cookies and Google Analytics

Cookies are small pieces of information stored by your browser on your computer’s hard drive.  If you want to know more about cookies and how they work, please refer to the following websites: http://www.allaboutcookies.org and http://www.youronlinechoices.com.

Through Google Analytics (a web analytics service provided by Google, Inc. Google Analytics), we use cookies to collect information about details of our users’ visits to this website (including IP addresses) and the resources they access on it. Google Analytics provides us with reports based on this information in order to us to help us understand how visitors engage with the content on our website.  Google Analytics will not transfer the information it collects to any third party except where required to do so by law.

Please note that we will not use Google Analytics to collect any information from which you can be personally identified, and we will not associate the information provided to us by Google Analytics with your information. Google Analytics’ cookies will remain on your computer for between thirty minutes and two years from being set/updated, unless you delete them before they expire. For more information about Google Analytics, please visit http://www.google.com/intl/en/analytics/privacyoverview.html.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. Unless you do this, cookies will be issued when you visit our website, but you can delete them via your browser at any time. If you do not accept cookies, or decide to delete them, you will still be able to access and use the website but you won’t be able to save any items.

Section 3: Personal Data Use

Except as otherwise disclosed in this Privacy Policy, we will process personal data only for the purposes of:

(1) Facilitating client projects and responding to any related comments, questions, and other interactions through this website or those operated by Matthew Penn Ltd and Matthew Penn Associates.

(2) Matthew Penn Ltd and Matthew Penn Associates business purposes, such as engaging suppliers, generating statistics, measuring performance and website usage, service improvement, and marketing plans.

In accordance with the GDPR, we have identified below the relevant lawful basis for the processing of various types of personal data for different purposes:

(1) We are entitled to process personal data, including basic customer details, as required in order to fulfil our obligations under any order or purchase you make, or in advance of that contract.

(2) We may process personal data on the basis that it is in our legitimate interests and/or the legitimate interests of a third-party to do so. We have a legitimate business interest for example in offering services, projects and products to customers and clients, and in undertaking such work when agreed, and our customers and clients likewise have a legitimate interest in receiving the same. We may also process personal data on the basis that it is necessary for our legitimate interests in the effective management and running of the business, which may include, but is not limited to: engaging suppliers, ensuring that systems and premises are secure and running efficiently, for legislative compliance, auditing and reporting, for insurance purposes, and to protect our legal rights. We are satisfied that all such processing is not unwarranted because of any prejudicial effect on your rights and freedoms or your legitimate interests.

(3) In certain circumstances, we may process your personal data in order to comply with our legal obligations. This includes processing personal data for tax and accounting purposes and to fulfil our statutory obligations.

(4) Where you have provided your consent, we may also use your personal data to tell you about our products, promotions and special offers that may be of interest to you. This may include receiving such further information by telephone, email, SMS and other forms of electronic communication as approved by you at the time you gave us your consent. However, these decisions may be reversed at any time by opting-out of such communications or by emailing us, and we will process your request as soon as possible.

We will retain personal data for the length of time required for the specific purposes for which it is processed, as set out in this privacy policy. However, we may also keep your personal data for a longer period, for example, where required by our legal and regulatory obligations or in order to ensure we have effective back-up systems. In such cases, we will ensure that your personal data will continue to be subject to this policy, restrict access to any archived personal data and ensure that all personal data is held securely and kept confidential.

Section 4: Transfers of Personal Data to Third Parties

We may share personal data with affiliates of Matthew Penn Ltd and Matthew Penn Associates, and our business partners. We will ensure that there is a legal basis for all such transfers of personal data under the GDPR and that the related processing activities are as set out in this privacy policy.

We may also retain other companies and individuals to perform functions on our behalf in relation to the processing of personal data as explained in this privacy policy. Examples include credit/debit card validation and authorisation agencies, data analysis firms, customer support specialists, webhosting companies and IT services providers. Such third parties may process personal data on our instructions if needed to perform their functions, but will be subject to appropriate contractual safeguards and may not use such personal data for any other purpose.

Such third parties may be located in countries both inside and outside the European Economic Area (“EEA”). Although countries outside the EEA may not require the same level of protection of personal data as those within the EEA, and as is the case in the UK, we always demand that our third party processors adhere to the same procedures that we follow ourselves with respect to your personal data and that adequate safeguards are in place in advance of any transfer outside the EEA.

We may disclose any information, including personal data, we deem necessary to comply with any applicable law, regulation or governmental request.

Section 5: Protecting Personal Data

We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction, or accidental loss of your personal data. In accordance with the GDPR, we take appropriate organisational and technical security measures, including specific information security standards for the protection of personal data.

Section 6: Your Rights and Responsibilities

The GDPR generally provides individuals with rights to access, to object to the processing of, to rectify, to erase, to restrict and to port their personal data. You can exercise any of these rights by contacting us at any time at info@matthewpenn.com.

We have specific procedures in place to enable you to request that we provide you with details of your personal data which we process and a description of how we process it.

You have the right to unsubscribe from any marketing emails we send you. You can do this by clicking on the link at the bottom of every email we send to you or by contacting us by email. You can also request that your personal data is deleted from our systems at any time, though please note that we may be entitled to continue to store such personal data in accordance with the law and with this policy.

We will take reasonable steps to create an accurate record of any personal data submitted through this website or otherwise processed by us. However, we do not assume responsibility for confirming the ongoing accuracy of your personal data and so please let us know if corrections and updates are required.

Section 7: Changes to this Privacy Policy

This Privacy Policy is effective from 16th August 2018.

We may revise this privacy policy from time to time and will post the revised version here. As we may make changes at any time without notifying you, and the policy governing our processing of your personal data will be the one in place at the time of the processing in question, we suggest that you periodically consult this privacy policy.