TEAM LEWIS PRIVACY CENTRE

Updated January 2021

We have created this Privacy Centre to set out the personal data that we collect, use and process at TEAM LEWIS.

Given the different types of audiences (or “Data Subjects”) that we interact with day to day, this Privacy Centre is split into a Data Privacy Overview and specific sections addressing how we cover certain types of Data Subjects who we commonly deal with.

This Privacy Centre (together with any terms of use, terms of services and any other documents referred to by this policy) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

References to TEAM LEWIS, or “We”, or “Us” are to the data controller, which, unless otherwise stated is in reference to LEWIS Communications Limited of Millbank Tower, Millbank, London SW1P 4RS. For the different market versions of this website, the data controllers are set out in the data processor summary sheet provided in this link.

For more specific details as to what may apply to you, or about anything covered in this overview, please see the following:

• Data Privacy Overview (below)
• Information for Journalists and Media Contacts
• Information for visitors to our website and social media channels
• Information for our clients
• Information for those dealing with our marketing team
• Information for those dealing with our careers team

DATA PRIVACY OVERVIEW

Overview of data we process at TEAM LEWIS

The information we collect:
We collect information about you from different places including:

• directly from you
• from a third party acting on your behalf
• from other TEAM LEWIS companies
• from publicly available sources
• when we generate it ourselves
• from third party organisations.

We’ll only collect your information in line with relevant regulations and law and this may relate to the interactions that we have with you currently, or have had in the past.

You’re responsible for making sure you give us accurate and up to date information. If you provide information for another person, you’ll need to tell them how to find TEAM LEWIS’ Privacy Notice and make sure they agree to us using their information for the purposes set out in it.

How we’ll use your information

We’ll use your information for various purposes. The main purposes are as follows:

• to provide any products and services you’ve requested
• to carry out your instructions
• to contact you on behalf of our clients in the provision of client services
• to understand you better, so that we can provide you with more relevant information or more relevant services
• to improve our products and services, including our website, and to develop new ones
• to offer you services from TEAM LEWIS or third parties that we believe may benefit you, unless you ask us not to.

We’ll only use your information where we’re allowed to by law. For example, carrying out an agreement or contract we have with you, fulfilling a legal obligation, where we have a legitimate business interest or where you agree to it.

How long we’ll keep your information

We’ll keep your information for as long as you continue to have a relationship or continue to have interactions with us.

After it ends we’ll keep it where we may need it:

• to offer you services from TEAM LEWIS or third parties that we believe may benefit you, unless you ask us not to
• for our legitimate purposes, for example – to help us respond to queries or complaints, or to respond to requests from regulators and government authorities.

Data Security

We work hard to protect TEAM LEWIS from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold.

In particular:

• all data will be transferred externally via TEAM LEWIS corporate electronic mail over SSL;
• we continually review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems;
• we restrict access to personal information to TEAM LEWIS employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

How can you remove your personal information?

You may request the deletion or the change of your own personal information by writing to [email protected]. We will delete the data without unnecessary delay upon receiving the request for deletion, unless we need to retain the information to comply with the applicable legal provisions or governmental requests, or to protect the rights and property of LEWIS.

Where we store your personal data

Where we store your personal data in our own systems, it is stored in the region the data is stored. If your data is collected in EMEA, then the data is stored in the TEAM LEWIS EMEA office where the computer system is located, and it is backed up inside EMEA, in Ireland. If your data is collected in the US, then it is stored in the TEAM LEWIS US offices and backed up in our systems in the US. If your data is collected in APAC, then it is stored in the TEAM LEWIS APAC office and backed up in our systems in Singapore.

The data that we collect from you and process using TEAM LEWIS’ Services may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your orders for goods and services, the processing of payment details and the provision of services including support services. By submitting your personal data, you agree to this transfer, storing or processing.

In particular, your data may be accessible to i) TEAM LEWIS staff in our various offices globally or ii) may be stored by TEAM LEWIS’ hosting service provider on servers in the USA and APAC as well as in the EU. Therefore your data may be transferred and/or in countries outside the European Economic Area, including some that may not have laws that provide the same level of protection for personal information. When we do this, we’ll ensure it has an appropriate level of protection. For example, by entering into a data processor agreement with these entities. These data processor agreements are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data.

If you would like further information please contact us (see ‘Contact’ below).

Your rights

Under the General Data Protection Regulation you may have a number of important rights. In summary, those include rights to:

• access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address
• require us to correct any mistakes in your information which we hold
• request the erasure of personal data concerning you in certain situations
• request access to the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format
• object at any time to processing of personal data concerning you for direct marketing
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• object in certain other situations to our continued processing of your personal data
• otherwise restrict our processing of your personal data in certain circumstances
• claim compensation for damages caused by our breach of any data protection laws.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO), or from the European data protection authority in the country which you reside, on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please contact us using our Contact details below. Please also let us have enough information to identify you, let us have proof of your identity and address, and let us know the information to which your request relates.

Your rights as a Californian resident

This section applies to individuals residing in California from whom we may collect Personal Information. The section should be read in conjunction with the information and disclosures already contained in this Privacy Policy. We refer in particular to each individual section that explain who we can share your data with.

As of January 1, 2020, if you are a Californian resident you will have the following rights under the Californian Consumer Privacy Act 2018 (“CCPA”)

1. Right to Know and Access. Under the CCPA, you have the right to request disclosure of the information we may have collected, used and disclosed about you in the preceding twelve (12) months of your request. Such a request for information will include the following:
   a. Categories of your Personal Information that we have collected or disclosed by us
   b. Categories of sources from which your Personal Information was obtained:
   c. The purpose for which the categories are collected by us (business or commercial purpose) during the past 12 months.
   d. Categories of third parties with whom we may have shared personal information during the past 12 months
   e. Specific pieces of Personal Information we have collected about you during the last 12 months
   f. If we disclosed your Personal Information with a third party for a business purpose, the PI categories that each category of recipient obtained
2.  Right to Delete. You have the right to request the deletion of personal information we may hold of you or have collected about you, subject to certain exceptions.
3. Right to Non-Discrimination. You have the right not be treated differently following the exercise of your CCPA privacy rights, subject to certain limitations. We will not discriminate against you for exercising your rights and will not charge you for the information we will provide.
4. Right to Opt-out and Opt-in / Shine the Light. Our position is that we do not sell Personal Information for commercial purposes. Sale under the CCPA relates to selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating your personal information to another business or third party for monetary or other valuable considerations. Under the CCPA Californian residents have the right to opt out of the sale of their personal information.

Please note that these requests for access to or deletion of Personal Information are subject to our ability to reasonably verify your identity on the basis of the information we request and that you have subsequently provided to us. These verifiable consumer requests (“VCR”) will be pursuant to CCPA requirements and legislation and can only be made by you, or by an Authorised Agent, a person registered with the Californian Secretary of State that you authorise to act on your behalf. When using an agent, a statement signed by you and the Authorised Agent which includes proof of the agent’s registration with the Californian Secretary of State must be provided. We do not knowingly hold household requests. Any such request will be dealt with as an individual request.

You may make a request related to your personal information twice per 12 month period. Any requests invoking your rights should be address to [email protected] OR via post to LEWIS PR. Inc, 111 Sutter Street Suite 850, CA.

Exempted categories

Employees of LEWIS, job applicants, and contractors are currently exempt from CCPA.

Children’s Privacy

Our sites are not intended to be used by individuals under 16. We therefore do not knowingly collect or maintain personal information from children under the age of 16. If we become aware that such information is being collected without parental or guardian consent, we will use all reasonable endeavours to delete it. If you are a parent or legal guardian and you think we have collected personal information from a child under the age of 16, please contact us at [email protected]

Do Not Track Notice

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers and allows them to disable any tracking of an individual users. We do currently not recognize or respond to browser-initiated DNT signals.

Further information on Do Not Track can be found here.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.

The supervisory authority in the UK is the Information Commissioner who may be contacted via ICO or telephone: 0303 123 1113.

Contact

All other questions, comments and requests regarding this Privacy Notice should be addressed to the Data Protection Officer at [email protected].