TERMS & POILICIES
Sussex Strategy Group Inc., (“Sussex”, “we,” “us,” or “our”) is a public affairs firm that assists organizations in advancing and safeguarding interests in highly complex and regulated sectors, providing comprehensive advisory services, government relations, public affairs, market access, and communications services to a broad range of domestic and international clients. This Privacy Notice sets out how we collect, use, share, and protect your Personal Data when you visit this website, https://www.sussex-strategy.com (the “Website”). This Privacy Notice also explains the measures we take to safeguard your personal information, describes your privacy rights and how you may contact us regarding our privacy practices. Please note, this Privacy Notice does not apply to the services provided by us beyond the Website.
Introduction
Any personal data collected through this Website will be used for the purposes set out in this Privacy Notice. When personal data is collected on this Website, Sussex is acting as a data controller.
I. What Personal Data do we collect and process through the Website?
The following table describes the categories of Personal Data we collect directly from you through the Website.
- Contact Data: First name, last name, email address, phone number
- Employment Application Data: CV (including employment and academic history, skills, qualifications, certifications and address)
- Subscription Data: Your choice of newsletter subscription interest (e.g. newsletters, events, company updates etc.)
- Project Data: Information you provide about your project when you inquire about our services.
- Technical Data: Device information (e.g. IP address, device model & manufacturer, web browser type and version, hardware model, time zone setting, browser plug-in types and versions, and operating system version, as well as your internet service provider.) Information about how you use the Website (e.g. uniform resource locators (“URLs”) of other websites that you click to and from our Site (including the date and time clicked), page response times, download errors, length of visits to certain pages on the Site, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the Site)
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
II. Purpose of data collection and legal basis
Below are the purposes for which we use your personal data and, for users located in the UK, the legal basis for processing your Personal Data:
- To read and respond to your queries to us at [email protected]
- ~Legal basis: (1) Necessary for the performance of your contract with us or in order to take steps at your request prior to entering into a contract; and (2) Necessary for the purposes of our legitimate interests or the legitimate interests of a third party.
- Administer our operations and business in an efficient and effective way including undertaking management planning and improving and developing our products and services.
- ~Necessary for the purposes of our legitimate interests or the legitimate interests of a third party.
- To send you newsletters when you have asked us to do so.
- ~Legal basis: (1) Consent; and (2) Necessary for the purposes of our legitimate interests or the legitimate interests of a third party.
- To evaluate your application for employment with us.
- ~Legal basis: (1) Necessary for the performance of your contract with us or in order to take steps at your request prior to entering into a contract; and (2) Necessary for the purposes of our legitimate interests or the legitimate interests of a third party.
- To comply with our legal and regulatory obligations and bring and defend legal claims.
- ~Necessary to comply with a legal or regulator obligation
- We may share your personal data to authorized third-party service providers or others who may perform services on our behalf, such as payment processing, data analysis, and customer service and support.
- ~Necessary for the purposes of our legitimate interests or the legitimate interests of a third party.
- Transfer personal data in relation to an actual or proposed sale, transfer or re-organisation of all or part of our business and the acquisition of the business.
- ~Necessary for the purposes of our legitimate interests or the legitimate interests of a third party.
- Enforce our legal rights and manage any dispute and legal claims and take legal or other professional advice.
- ~Necessary for the purposes of our legitimate interests or the legitimate interests of a third party.
- Operating our Website, for example, operating, analyzing, improving, and securing our Website
- ~Necessary for the purposes of our legitimate interests or the legitimate interests of a third party.
- Marketing services, for example: (1) Analyzing and optimizing our website’s content and newsletter by updating it in accordance with your preferences; and/or (2) Providing “verification” or data hygiene” services, which is how companies update and/or “clean” their databases by either verifying or removing or correcting old, incorrect or outdated information.
- ~Legal basis: (1) Consent; and (2) Necessary for the purposes or our legitimate interests of the legitimate interests of a third party.
- Other internal purposes, such as: internal research, internal operations, auditing, detecting security incidents, debugging, short-term and transient use, quality control, and legal compliance.
- ~Necessary for the purposes of our legitimate interests or the legitimate interests of a third party.
For users located in Canada, your use of the Website constitutes your implied consent for us to process your Personal Data for the above-noted purposes. You may withdraw your consent at any time. However, if you withdraw your consent, we may not be able to provide you with the services available via the Website.
When do we have legitimate interests?
For users located in the UK, we use your personal data where it is necessary for our legitimate interests or the legitimate interests of a third party. This includes where the use of your personal data is necessary to:
- Administer our operations and business in an efficient and effective way including undertaking management planning and improving and developing our products and services;
- For our authorized third-party service providers or others to perform services on our behalf, such as payment processing, data analysis, and customer service and support;
- Understand and respond to queries, complaints and feedback;
- Send direct marketing and newsletters to business contacts;
- Transfer personal data in relation to an actual or proposed sale, transfer or re-organisation of all or part of our business and the acquisition of the business;
- Analyze and optimize our website’s content and newsletter by updating it in accordance with your preferences;
- Ensure network and information security; and
- Enforce our legal rights and manage any dispute and legal claims and take legal or other professional advice.
If you fail to provide Personal Data
In certain circumstances, we process your Personal Data in order to comply with a legal requirement or to perform our obligations under the terms of a contract we have with you. If you fail to provide your Personal Data in those circumstances, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel any service you have with us but we will notify you if this is the case at the time.
Technical Data
We also use analytics services, such as Google Analytics and Website Preferences to help us understand how users access and use the Website. We also work with agencies, advertisers, ad networks, and other technology services to place ads about our products and services on other websites and services. For example, we place ads through Google and Facebook that you may view on their platforms as well as on other websites.
III. With whom do we share Personal Data?
We will share your Personal Data for various business purposes within Sussex Strategy Group Inc., and the following types of third party service providers:
- Cloud hosting and server providers who help us design, administer and maintain the Website;
- An email marketing service provider called MailChimp that enables us to send subscribers newsletters, events, and company updates;
- Data storage providers, such as Dropbox, who allow us to organize and store the Personal Data we collect;
We only allow third parties to process information for the sole purpose of carrying out the above services on our behalf.
We also may share any of the Personal Data we collect for the following purposes:
Sharing for Legal Purposes: In addition, we may share Personal Data with other parties in order to: (a) comply with legal process or a regulatory investigation (e.g. regulatory authorities’ investigation, subpoena, or court order); (b) enforce our Terms of Service, this Privacy Notice, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of other parties; and/or (d) protect the rights, property or personal safety of us, our platform, our customers, our agents and affiliates, its users and/or the public. We likewise may provide information to other companies and organizations (including law enforcement) for fraud protection, spam/malware prevention and similar purposes.
Sharing In Event of a Corporate Transaction: We may also share or transfer Personal Data in the event of a major corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, or for purposes of due diligence connected with any such transaction
IV. Your rights and choices regarding your Personal Data
Please contact us at [email protected] if you want to exercise any of the following rights:
1. Rights applicable to all users
1.1 Do Not Track:
Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
1.2 Analytics:
We may use our own technology or third-party technology to track and analyze usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.
For example, we use Google Analytics (“Google Analytics”), a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can learn about Google’s privacy practices by going to www.google.com/policies/privacy/partners/.
Google Analytics uses cookies to help us analyse how our websites are used, including the number of visitors, the websites from which visitors have navigated to our websites, and the pages on our websites to which visitors navigate. This information is used by us to improve our websites. We use Google Analytics with restrictions on how Google can process our data enabled. For information on Google’s Restricted Data Processing go to https://privacy.google.com/businesses/rdp/.
1.3 E-mails:
You will only receive marketing communications from us if you have given us permission to send such communications to you or if you have previously purchased or expressed an interest in our services; the communication relates to similar services; we have provided an opportunity for you to opt-out; and you have not opted out of receiving marketing.
You can opt-out of receiving promotional or marketing emails from us at any time by clicking the unsubscribe link in the email itself, or emailing us at the email address set out in the “Further Information” section below with the word unsubscribe in the subject field of the email. Please note that you cannot opt-out of non-promotional emails, such as those about transactions, servicing, or our ongoing business relations.
2. Where you are a resident of Canada
2.1 Right of access
You have a right to access your Personal Data in our control. We will also provide you with a description of what uses we have made of your Personal Data and which third parties we have shared it with. In some cases, we may not be able to provide you with access to your Personal Data, in which case we will let you know the reasons why.
We will respond to your request within 30 days, unless we require more time to do so, in which case we will advise you of the date by which we will respond to your request within 30 days of receiving it.
2.2 Right to request correction/rectification of your Personal Data
If you note any inaccuracies or wish to update any of your Personal Data, we will make those changes upon your request.
3. Where you are a resident of the UK
3.1 General
You have the following rights if you are a resident of the UK.
- The right of access: You have a right to request access to all the Personal Data we hold about you. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You are also entitled to certain additional information when you ask for a copy of your Personal Data e.g. the purposes for processing, the categories of personal data, the recipients or categories of recipients etc.
- The right to correction: You have a right to request the correction of any incomplete or inaccurate personal data that we hold about you.
- The right to erasure: You have a right to request the erasure or deletion of the Personal Data we hold on you. This is not an absolute right since we may have to keep your Personal Data for legal or legitimate reasons. You may, for example, exercise your right to deletion in the following cases:
- ~if you have withdrawn your consent to the processing (see below);
- ~if you legitimately objected to the processing of your data and we have no legal basis for continuing the processing (see below);
- ~when data is not or is no longer necessary for the purposes for which it was initially collected or processed;
- ~the data is processed unlawfully (e.g., publishing hacked data);
- The right to object to the processing of your Personal Data: When we process your Personal Data based on our legitimate interest (to determine to which processing this applies, please refer to Section II of this Privacy Notice), you may at any time object to the processing of your Personal Data for reasons relating to your personal situation. We may nevertheless, on a case-by-case basis, reject such a request if we have compelling legitimate grounds for the processing of this data which overrides your interests, rights and freedoms, or when this data is necessary to establish, exercise or defend a legal claim.
- The right to restrict processing: The right to limit the processing completes your other rights. This right means that the data processing relating to you and that we are performing is limited, so that we may keep this data, but we cannot use it or process it in any other manner. This right applies in specific circumstances, i.e.:
- ~if you challenge the accuracy of your Personal Data. The processing can be limited for a period of time so that we may verify the accuracy of the Personal Data;
- ~if the processing is unlawful and you object to the erasure of your Personal Data and request instead that its use be limited;
- ~if we do not need the Personal Data for the purposes mentioned above in Section I anymore, but you still need it to establish, exercise or defend rights before a Court; and
- ~in the cases where you objected to the processing which is based on our legitimate interests, you may ask to limit the processing for the time necessary for us to verify if we can accept your objection request (i.e., the time necessary to verify whether our legitimate interests prevail over yours).
- The right to data portability: You may request to retrieve the Personal Data you provided us with, in a structured, commonly used, and machine-readable format, for personal use or to share them with a third party of your choice.This right only applies to Personal Data you provided us with, directly or indirectly, and which was processed through automated means, if this processing is based on your consent or the performance of a contract. Please check the list of our Personal Data processing activities’ legal basis (in Section II of this Privacy Notice) to know whether our processing is based on the performance of a contract or on consent.
- The right to withdraw your consent to the processing of your Personal Data at any time: Where you have previously given us consent to process your Personal Data, you have a right to withdraw your consent at any time. However the withdrawal of your consent will not affect the lawfulness of the processing based on consent before its withdrawal. You may read Section II of this Privacy Notice in order to identify the purposes for which the processing of your Personal Data is based on your consent.
- If you are not satisfied with the way we process your Personal Data or if your request has been rejected, you may also lodge a formal complaint with your local data protection authority. In the UK that is the Information Commissioner’s Office.
- We will respond without undue delay and in any event within one month from the date we receive your request. This timeframe can be extended by two months depending on the complexity of the request, or the number of requests received from you. In this case, we will inform you within one month from receiving your request, specifying the reasons for extending the response timeframe.
V. Children
The Website is not directed at children. We do not knowingly collect Personal Data from children. If you are a parent or guardian and believe we have collected Personal Data in violation of PIPEDA, contact us at [email protected]. We will remove the Personal Data in accordance with PIPEDA.
VI. Data Security
We use a variety of methods, such as firewalls, intrusion detection software and manual security procedures, designed to secure your data against loss or damage and to help protect the accuracy and security of information and to prevent unauthorized access or improper use. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you. If you think that the Website or any Personal Data is not secure or that there has been unauthorized access to the Website or your Personal Data, please contact [email protected] immediately.
Data Retention. How long we keep Personal Data depends on the type of Personal Data and the purpose(s) for which we collected it and the applicable legal requirements. We only retain your Personal Data for as long as necessary to fulfill the purposes described above in Section II of this Policy.
VII. International Data Transfers
If you’re a UK resident, due to the international nature of our business, your Personal Data may be transferred to Canada or the United States . Canada has been deemed by the UK government to provide an adequate level of protection for personal data. However this adequacy decision is limited and may not cover certain transfers. Whenever we transfer your Personal Data outside the UK to a country or territory that does not benefit from an adequacy decision, we ensure that the data transfer complies with UK data protection law (including by executing standard contractual clauses). Should you wish to know more about how your Personal Data is protected or wish to request a copy of the contractual protections please contact [email protected].
Overall, cookies help us provide you with a better Website, by enabling us to monitor which pages you find useful and which you do not. You can choose to accept or decline cookies.
VIII. Use of social media and social media plug-ins
Sussex has a company page on Twitter, Facebook, and LinkedIn that you can use or visit. Sussex acts as a joint data controller with the social media platforms for the collection of your personal data when you visit our company page on the social media platform. We will collect Personal Data about you in order to understand our followers better and understand the public response to our products and services. We may use this information to contact you/ send you marketing information which we think may be of interest to you/ engage in social listening to identify and assess what is being said about us publicly to understand industry trends and market sentiment. Any information you provide to us when you engage with our content (such as through our brand page or via Facebook Messenger) is treated in accordance with this Privacy Notice. Also, if you publicly reference us or our Website on social media (such as by using a hashtag associated with us in a tweet or post), we may use your reference on or in connection with our Website.
You can read more regarding our joint controllership with the platforms at the following links:
We provide social media plug-ins on the Website to allow you to easily share content from our Website through social media, and in doing so, we may receive your Personal Data from the social media platform that you have authorized to share with us. When you share content using these buttons, a new page will pop up from the relevant social media platform. If you’re already logged into your account on that social media platform, then you will probably be automatically logged into this pop-up page, so that you don’t have to log in again. If, however, you are not logged in (or if you are not registered with the social media platform), the page will ask you for your information. Sussex is joint data controllers with the social media platforms for the collection of your personal data that is collected by the platforms when you visit our website.
We have no control over how social media platforms use your Personal Data and they may independently collect information about you when you leave our Website. The information collected and stored by those parties remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to read the privacy notices on the various social media platforms you use.
Find out more about how these social media platforms use your Personal Data:
IX. Notification of changes
Any changes to this Privacy Notice will be promptly communicated on this page and you should check back to see whether there are any changes.
If you wish to save this text, please mark the entire statement (e.g. with your mouse) and copy-paste by pushing ctrl-c.
X. Further Information
This Privacy Notice has been designed to be accessible to people with disabilities. If you experience any difficulties accessing the information here, please contact us at [email protected].
If you consider that we are not complying with this Privacy Notice, or you have any questions in relation to this Privacy Notice or about your privacy rights and choices, please contact our data protection team at [email protected]. Data subjects in the UK may also lodge a formal complaint with the UK Information Commissioner’s Office.
If you have any questions about Sussex Strategy Group Inc.’s data practices or you wish to exercise your rights or know about the contractual protections in place, please contact the Sussex Strategy Group Inc. at [email protected].