LEWIS PRIVACY CENTRE

Updated January 2021

We have created this Privacy Centre to set out the personal data that we collect, use and process at LEWIS.

Given the different types of audiences (or “Data Subjects”) that we interact with day to day, this Privacy Centre is split into a Data Privacy Overview and specific sections addressing how we cover certain types of Data Subjects who we commonly deal with.

This Privacy Centre (together with any terms of use, terms of services and any other documents referred to by this policy) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

References to LEWIS, or “We”, or “Us” are to the data controller, which, unless otherwise stated is in reference to LEWIS Communications Limited of Millbank Tower, Millbank, London SW1P 4RS. For the different market versions of this website, the data controllers are set out in the data processor summary sheet provided in this link.

For more specific details as to what may apply to you, or about anything covered in this overview, please see the following:

• Data Privacy Overview (below)
• Information for Journalists and Media Contacts
• Information for visitors to our website and social media channels
• Information for our clients
• Information for those dealing with our marketing team
• Information for those dealing with our careers team

DATA PRIVACY OVERVIEW

Overview of data we process at LEWIS

The information we collect:
We collect information about you from different places including:

• directly from you
• from a third party acting on your behalf
• from other LEWIS companies
• from publicly available sources
• when we generate it ourselves
• from third party organisations.

We’ll only collect your information in line with relevant regulations and law and this may relate to the interactions that we have with you currently, or have had in the past.

You’re responsible for making sure you give us accurate and up to date information. If you provide information for another person, you’ll need to tell them how to find LEWIS’ Privacy Notice and make sure they agree to us using their information for the purposes set out in it.

How we’ll use your information

We’ll use your information for various purposes. The main purposes are as follows:

• to provide any products and services you’ve requested
• to carry out your instructions
• to contact you on behalf of our clients in the provision of client services
• to understand you better, so that we can provide you with more relevant information or more relevant services
• to improve our products and services, including our website, and to develop new ones
• to offer you services from LEWIS or third parties that we believe may benefit you, unless you ask us not to.

We’ll only use your information where we’re allowed to by law. For example, carrying out an agreement or contract we have with you, fulfilling a legal obligation, where we have a legitimate business interest or where you agree to it.

How long we’ll keep your information

We’ll keep your information for as long as you continue to have a relationship or continue to have interactions with us.

After it ends we’ll keep it where we may need it:

• to offer you services from LEWIS or third parties that we believe may benefit you, unless you ask us not to
• for our legitimate purposes, for example – to help us respond to queries or complaints, or to respond to requests from regulators and government authorities.

Data Security

We work hard to protect LEWIS from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold.

In particular:

• all data will be transferred externally via LEWIS corporate electronic mail over SSL;
• we continually review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems;
• we restrict access to personal information to LEWIS employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

How can you remove your personal information?

You may request the deletion or the change of your own personal information by writing to [email protected]. We will delete the data without unnecessary delay upon receiving the request for deletion, unless we need to retain the information to comply with the applicable legal provisions or governmental requests, or to protect the rights and property of LEWIS.

Where we store your personal data

Where we store your personal data in our own systems, it is stored in the region the data is stored. If your data is collected in EMEA, then the data is stored in the LEWIS EMEA office where the computer system is located, and it is backed up inside EMEA, in Ireland. If your data is collected in the US, then it is stored in the LEWIS US offices and backed up in our systems in the US. If your data is collected in APAC, then it is stored in the LEWIS APAC office and backed up in our systems in Singapore.

The data that we collect from you and process using LEWIS’ Services may be transferred to, and stored at, a destination outside the European Economic Area («EEA»). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your orders for goods and services, the processing of payment details and the provision of services including support services. By submitting your personal data, you agree to this transfer, storing or processing.

In particular, your data may be accessible to i) LEWIS staff in our various offices globally or ii) may be stored by LEWIS’ hosting service provider on servers in the USA and APAC as well as in the EU. Therefore your data may be transferred and/or in countries outside the European Economic Area, including some that may not have laws that provide the same level of protection for personal information. When we do this, we’ll ensure it has an appropriate level of protection. For example, by entering into a data processor agreement with these entities. These data processor agreements are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data.

If you would like further information please contact us (see ‘Contact’ below).

Your rights

Under the General Data Protection Regulation you may have a number of important rights. In summary, those include rights to:

• access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address
• require us to correct any mistakes in your information which we hold
• request the erasure of personal data concerning you in certain situations
• request access to the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format
• ·object at any time to processing of personal data concerning you for direct marketing
• ·object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• ·object in certain other situations to our continued processing of your personal data
• ·otherwise restrict our processing of your personal data in certain circumstances
• claim compensation for damages caused by our breach of any data protection laws.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO), or from the European data protection authority in the country which you reside, on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please contact us using our Contact details below. Please also let us have enough information to identify you, let us have proof of your identity and address, and let us know the information to which your request relates.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.

The supervisory authority in the UK is the Information Commissioner who may be contacted via ICO or telephone: 0303 123 1113.

Contact

All questions, comments and requests regarding this Privacy Notice should be addressed the Data Protection Officer at [email protected].