Privacy Policy

Who is the controller of your information

Ometria Ltd (Acre House, 11/15 William Road, London, NW1 3ER)

Email: dpo@ometria.com

What personal information we collect about you

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

1. Identity Data includes first name, last name or similar identifier.
2. Contact Data includes business address, email address and telephone numbers.
3. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
4. Profile Data includes your interests, preferences, feedback and survey responses.
5. Usage Data includes information about how you use our website, products and services.
6. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share data known as “Aggregated Data” which can include statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offence under this policy, however, we may do so under other policies such as under our recruitment or employee notices.

Why we are allowed to collect information about you

We can collect and use your personal information when one of the following applies:

1. When the law says we have to keep information, for instance record keeping to meet our financial, legal, anti-corruption and other regulatory obligations.
2. To negotiate and enter into contracts with your company (whether you are customer of ours or a supplier to us) or to help with your use of our services
3. You have specifically given us your permission when such permission is obligatory (the law calls it “consent”). Examples of consent include:
   1. Placing cookies on your device or a pixel in our emails to find out how you use, respectively our website or interact with our emails so we can personalise what you see by tailoring content and notifications to the things you are interested in;
   2. The receipt of our marketing emails or other electronic communications
   3. When you share special category information and we need to share that information with others (for example, inferences about your religion (e.g. requesting halal food at one of our events) or informing us about your health condition (e.g. requiring assistance to visit our offices))
4. We need to use your personal information for legitimate business purposes, for example, to enable us to run our business successfully. These include:
   1. Analysing or predicting your preferences to identify aggregated trends to develop, improve or modify our products, services and business activities;
   2. Planning, improving and promoting our business activities;
   3. Responding to and handling your queries or requests, including requests for information;
   4. To provide the functionality of the services we provide to your company;
   5. Managing our IT and communications systems and networks;
   6. Ensuring your, our employees, contractors and suppliers safety at our offices, conferences and other venues

How we use your personal information

We use your data to:

1. provide you with a personalised website experience;
2. create a new customer record if one doesn’t currently exist;
3. update your preferences;
4. send you the information that you have opted in to receive;
5. enable you to take part in any promotional material that we may create; and
6. sign you up to events, seminars and webinars hosted by or on our behalf, and/or our partners.

What your rights are regarding your personal information

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances*.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances*.

Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances*.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances*.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at dpo@ometria.com if you wish to make a request.

* Please note that these rights are not absolute rights. The applicable laws are nuanced. For instance, you have the absolute right to object to the processing of their personal data if it is for direct marketing purposes. However, if we have processed some of your data that was collateral to marketing and we could demonstrate compelling legitimate grounds as to why we should continue to process your data, your objection may be rebutted. This would be an edge case as we want to make sure you are happy with our processing of your data and we are sure we could either accommodate your objection or anonymise your data such that it would not affect your rights to privacy whilst maintaining our legitimate interests in building our business.

How long we keep your personal information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the:

amount, nature and sensitivity of the personal data;

potential risk of harm from unauthorised use or disclosure of your personal data;

purposes for which we process your personal data and whether we can achieve those purposes through other means; and

applicable legal requirements.

Details of retention periods for different aspects of your personal data are available on request.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

With whom we share your personal information

We share your data with the following:

(a) our subsidiary, Ometria, Inc. if you are visiting us from the USA; and

(b) analytics and search engine providers that assist us in the improvement and optimisation of our site.

We may disclose your personal information to third parties:

(a) affiliates, business partners, suppliers and subcontractors for the promotion of our services to you or the performance and execution of any contract we enter into with them or you;

(b) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;

(c) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of Ometria, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud, cybersecurity or illegal activity where we believe it is reasonable or appropriate to do so;

(e) in response to court order, warrant, supeana or as otherwise required by law; and

(f) to develop customer relationships, services and systems.

We may share data which is aggregated with other data which is derived from your data. Where we do so we will ensure that it is anonymised before sharing.

The international transfer of your personal information

How we handle your personal information around the world depends on where you are located. Like millions of other businesses we rely on other companies to provide services to us. For instance, we use, amongst others:

1. Amazon Web Services to host our website and our platform is hosted at AWS’s Dublin datacentre.
2. Google Workplace including GMail to send and receive emails
3. Salesforce as our CRM
4. Zendesk for tickets raised by users of our platform
5. Zoom for online meetings and conferences

As you will appreciate this means that some of your personal information will be shared with these other businesses and your data will be transferred from one jurisdiction to another.
Transfers of personal information between the UK and the EU is governed by ‘adequacy decisions’. The effect of these decisions is that personal data can flow from the EU (and Norway, Liechtenstein and Iceland) to the UK (and vice versa) without any further safeguard being necessary. The European Commission (and the UK) has also recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay as providing adequate protection. With the exception of Andorra, each of these countries has recognised the UK as having equivalent privacy laws. Because of the high levels of protection, if we use a service provider in say, Israel, your data is protected by laws equivalent to those in the UK.

All countries outside of these ‘adequate countries’ are deemed by the UK government and the European Commission as not having privacy laws that protect your personal information to the same high levels and are called ‘third countries’. This means that we have to enter into special terms and conditions with our suppliers based in, for example, the United States (where the vast majority of the world’s largest technology businesses are based). The European Commission has adopted a set of standard wording, called ‘Standard Contractual Clauses’ (‘SCCs’). They cannot be modified, but can be added to. We enter into contracts with companies that do not process your personal information within the EEA (EU (and Norway, Liechtenstein and Iceland)) or ‘the adequate countries’ using appropriate SCCs and review the security measures by which data flows to and from the UK/EEA to these third countries (for instance, making sure your personal information can only pass in an encrypted format). The UK has adopted an international data transfer agreement and UK addendum to SCCs for the transfer of data from the UK to a third country. You can find more about SCCs here.

Information about children

We are a business-to-business service. We do not process data about children.

Cookies, pixels, web-beacons and other tracking technology and aggregation of your personal information

Cookies

You will see that we use cookies on our website, which helps us understand your activity on our website and which of our pages you are most interested in. Amongst others, the cookie sends us information about where you are when viewing our site, how long you visited our site, including which pages you land on and leave, the products and categories you viewed on each visit and the type of device and browser used. These cookies persistent from a couple of minutes to, in some cases, years. You can find out more information about our use of cookies here.

Email messages

To ensure that you receive messages that you’ll love to receive, are relevant to you and personalised to your interests, we add a pixel to our emails which helps us understand behaviours and personalise our campaigns.

The pixel is a small piece of code – literally, a 1×1 pixel – which gives us insights into what you do with our emails, such as if it is delivered to your inbox, if you open it, mark it as spam or unsubscribe; if you click through to our website or offer. Additionally, it tells us the type of device you use to open the email, where you are in the case of open or click (by IP address and ‘best estimate’ geo location based on that IP). By having these insights, it helps us deliver, what we hope, to be meaningful, engaging and exactly the type of emails you hope to receive from us and when you want to receive them.

Aggregation of your personal information

The information from email pixels and cookies are brought together to give us a unified view about you. When we look at all of those people that we interact with we can better understand what they would like to receive from us. Our aim is to ensure that we deliver an exceptional service to those people visiting us, whether that’s a website visit, an online event or face-to-face meeting or if you are using our platform. Similarly, we want to have meaningful business dealings with suppliers and prospects and engage the very best talent. By having a unified view we believe that we can give you the very best experience. We do this by using data brought together in our CRM and other business tools.

Our aim is always for you to have a fabulous experience with us and we work hard to make sure that our analysis and use of your data are in harmony with your expectations. We regularly review the information we hold to ensure that it is relevant and accurate.

Automated decision making

We do not use software that automatically makes a decision about you, like, for instance, if you apply for credit and the lender uses a credit checking company to assess you.

Who you can complain to about our use of your personal information

We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your personal information. If not, contact the Information Commissioner at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.

How we update this policy

This version of the notice was last updated on 1 September 2022. We may change the contents of this privacy notice from time to time due to changes in legislation, our operations or for any other permitted and necessary reason. However, historic versions can be obtained by contacting us.