Privacy Notice for Corporate Contacts and Website Users

About this page

This privacy notice [and cookie policy] explains how Greyhawk Intelligence Group (“Greyhawk“, “we“, “our“, “us“) processes the personal data of the individuals who instruct us on behalf of our corporate clients and contacts (“Corporate Contacts”, “you”, “your”), and visitors to and users of our website (“Users”, “you”, “your”) hosted at www.greyhawk-uk.com (the “Site“)[, including how we use cookies on the Site]. Where we are instructed by clients who instruct us in their individual capacity, we will process their personal data in accordance with our separate Privacy Notice for Individual Clients (available on our website at link to be included here).

Notwithstanding that Greyhawk typically provides services to its clients as a data processor (and so we are not a data controller in respect of the personal data of others that we may process on your behalf), this privacy notice describes how Greyhawk processes your personal data in the circumstances described in this privacy notice where we are a data controller in respect of your personal data (including in our capacity as the owner and operator of the Site).

Greyhawk Intelligence Group Limited (a UK registered company, registered in England with company number 07953361) is the data controller of your personal data and is subject to the General Data Protection Regulation (the “GDPR”) as applied by the UK Data Protection Act 2018.

How we collect your information

When you use the Site, we collect your personal data in the following ways:

  • [when you access and navigate around the Site (please see the Cookie Policy below); and]
  • when you contact us via the Site, for example in order to find out more about our services.

We collect Corporate Contacts’ personal data in the following ways:

  • from the information you provide to us when you interact with us before the organisation you represent becomes a client, for example when you express your interest in our services;
  • when you instruct us on behalf of your organisation to provide services, sign an engagement letter and provide information about you to us in connection with those instructions;
  • when you communicate with us by telephone, email or via the Site, for example in order to make enquiries or raise concerns;
  • in various other ways as you interact with us during your time as a Corporate Contact of Greyhawk, for the various purposes set out below; and
  • from third parties and publicly available sources, for example in order to carry out required due diligence checks on you or your organisation before we accept your organisation’s instructions.

The types of information we collect

We collect the following types of personal data about Users of the Site:

  • Names and contact details, including email addresses and telephone numbers, obtained when you contact us via the Site;
  • Other information that Users provide through the Site, for example in emails, including your company or organisation details and information about any intelligence services that Users express an interest in;
  • [Information about Users’ browsing activity collected through the use of cookies including details of your [domain name, location and internet protocol (IP) address, operating system, browser version, the content viewed during a particular browsing session, and how long a User stayed on a particular page.] Please see the Cookie Policy below.]

In addition, we may also collect the following types of personal data about our Corporate Contacts:

  • Biographical and contact information, including dates of birth, nationality and contact information such as address, email address and telephone number;
  • Identification and due diligence information, including passport information, proof of address, national insurance number (or other tax identification number) and due diligence information such as the results of anti-money laundering and ‘know your client’ background checks; and
  • Instructions related information, including information you provide us when you instruct us on behalf of your organisation to provide services.

We may also collect sensitive personal data, including information concerning your health and medical conditions  and data relating to criminal convictions and offences, where relevant, in each case as is necessary for the provision of our services to your organisation.

How we use your information

The purposes for which we use Users of the Site’s personal data include:

  • to communicate and interact with you through the and to monitor and evaluate the performance and effectiveness of the Site.

In addition, the purposes for which we use our Corporate Contacts’ personal data include:

  • the provision of our core services to the organisation that you represent, including research and intelligence services, litigation support services, strategic advice, and all other advisory and consulting services (and, in each case, for the offer and provision of services to the organisation that you represent, as set out in each client engagement letter);

Note: we will process the personal data of anyone who is the subject of integrity due diligence and similar services only on your organisation’s instructions and acting as a data processor for your organisation as data controller.

  • administrative purposes, including administering finance, administering IT systems, carrying out audits (for example, to ensure compliance with our legal obligations);
  • promoting our services (for example, providing you and/or your organisation with briefings and other publications, details of events, or information about our other services);

Note: if you do not wish to receive such information, please let us know now or at any time in the future, and your details will be removed from our mailing list(s).

The basis for processing your information and how we use it

  • Legitimate interests

We process your personal data because it is necessary for our or a third party’s legitimate interests. Our “legitimate interests” include our commercial interests in operating our business in a client focused, discreet and efficient manner, in accordance with all applicable legal requirements.

In this respect, we use Users of the Site’s personal data for the following:

  • to assess the information that you provide through the and to find out more about you before contacting you in response, where appropriate;
  • to interact with you via the Site (for example, to send you promotional material or answer enquiries about our services);
  • for record keeping purposes, so that we have a record of the enquiries we receive through the Site;
  • to monitor and evaluate the performance and effectiveness of our services and the Site; and
  • where relevant, to assist with investigations (including criminal investigations) carried out by the police and other competent authorities, where those authorities are acting in compliance with EU law or the law of an EU Member State.

We also use our Corporate Contacts’ personal data in this respect for the following:

  • outsourcing selected ‘back office’ functions to third parties (for example, vendors of hosted software solutions or cloud storage providers) for the purposes of efficient, fast and secure access to information across Greyhawk Intelligence Group;
  • to monitor and evaluate the performance and effectiveness of our services, and to seek advice on our rights and obligations, where relevant, such as where we require our own legal advice; and
  • to keep you and/or your organisation informed (by letter, telephone, email and other electronic means) of our services. If you do not wish to receive such information, please let us know now or at any time in the future, and your details will be removed from our mailing list(s).
  • to interact with you before the organisation that you represent becomes a client, for example when you express the organisation’s interest in our services (for example, to send you promotional material or answer enquiries about our services);
  • once the organisation that you represent has engaged us and become a client, to provide the organisation with the services as set out in our engagement letter;
  • for billing and financial management purposes;
  • corresponding and interacting with you about our services, including to deal with any concerns, enquiries or feedback you or your organisation may have; and
  • for record keeping purposes, so that we have a record of your organisation’s instructions and the research findings and other support we provided to your organisation.
  • Compliance with legal obligations

We process Users of the Site’s personal data and / or our Corporate Contacts’ personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:

  • to meet our legal obligations, such as tax reporting requirements to which we are subject; and
  • in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.
  • Additional reasons

We also process Users of the Site’s personal data and / or our Corporate Contacts’ personal data where:

  • it is necessary for reasons of substantial public interest (for example, where the due diligence checks we carry out involve our processing data relating to criminal convictions and offences);
  • it is necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property, and/or the rights or property of our clients, or of third parties); and
  • we have your specific or, where necessary, explicit consent to do so (for example, where our processing of sensitive personal data is included in your organisation’s instructions and/or otherwise relevant for the advice and other assistance we provide to your organisation and you permit us to have and use that information).

Sharing your information with others

For the purposes referred to in this privacy notice and relying on the bases for processing as set out above, we share personal data of our Corporate Contacts and Users of the Site with certain third parties, including:

  • those of our staff and consultants providing services to you or your organisation;
  • providers of outsourced services to us (for example, IT vendors, cloud storage providers, and any third party we engage to administer the Site on our behalf);
  • in relation to our Corporate Contacts, law firms and other service providers who are advising or providing services to your organisation alongside us;
  • internal and external auditors; and
  • with a third party in a business transaction, in the event that all or part of Greyhawk is acquired, dissolved, merged or involved in a similar transaction which involves, in relation to our Corporate Contacts, the transfer of client files; and, in relation to Users of the Site, the transfer of the Site.

International data transfers

In the course of providing services to your organisation or interacting with you via the Site, we may transfer your personal data to a country or territory outside of the European Economic Area (“EEA”), for example where it is processed by staff operating outside the EEA who work for us or for one of our suppliers, or where personal data is processed by one of our suppliers who is based outside the EEA or who uses storage facilities outside the EEA.

In these circumstances, your personal data will only be transferred on one of the following bases:

  • a European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
  • where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by the GDPR (for example, standard data protection clauses adopted by the European Commission); or
  • there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).

How long your information is kept

Users of the Site

We will retain Users of the Site’s personal data for as long as we are interacting with you via the Site, and for as long as permitted or required for legal and regulatory purposes after the last such interaction between you and us.

We will retain our Corporate Contacts’ personal data for as long as we are providing your organisation with the services referred to in any relevant engagement letter or any other contract, including our General Terms and Conditions, and for as long as permitted or required for legal or regulatory purposes after the relationship between your organisation and us has ended, or if your organisation’s instructions for us to provide particular services are declined or abandoned.

Subject to any other notices that we may provide to you, we will typically retain your personal data for a period of up to [seven] years after our last interaction with you. However, some information may be retained for longer than this, for example where we need to retain it in relation to any claims made against us.

Your rights in relation to personal data

Under the GDPR, you have the following rights in relation to our processing of your personal data.  Please note that these rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

  • to obtain access to, and copies of, the personal data that we hold about you;
  • to require us to correct the personal data we hold about you if it is incorrect;
  • to require us to erase your personal data in certain circumstances;
  • to require us to restrict our data processing activities in certain circumstances;
  • to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you;
  • to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller; and
  • where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal.

NoteIf you have given your consent and you wish to withdraw it, please contact mail@greyhawk-uk.com or using the contact details set out below. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to your organisation and/or it may affect the provision of those services.

If you are not satisfied with how we are processing your personal data, you have the right to make a complaint to the Information Commissioner (or another data protection supervisory authority in the EU, including the data protection regulator in the EU country where you are located).

Contact us

If you have any queries about this privacy notice or how we process your personal data, or if you wish to exercise any of your rights under applicable law, you may contact us:

  • by email: mail@greyhawk-uk.com
  • by telephone: 020 7406 7510
  • or by post: Data Protection, Greyhawk, 5 Chancery Lane, London WC2A 1LG, United Kingdom.

Cookies

The Site uses cookies. A “cookie” is a small text file which is sent by our Site’s server and stored on your computer or other device when you access the Site. These cookies are used for the purpose of improving your experience of the Site by remembering your preferences, the places you have visited, and other information that you have provided to us. When you use the Site, you will be asked to confirm whether you agree to the Site using cookies and, if you accept, we will store cookies on your device. You can if you wish change the cookies settings on your device to refuse cookies. However, if you do this, or if you reject our request to use cookies when you visit our Site, you may be unable to access certain parts of the Site and/or you may not be able to benefit from the full functionality of the Site.

We use the following cookies for the following purposes:

 

Privacy Notice for Individual Clients

About this document

This privacy notice explains how Greyhawk Intelligence Group (“Greyhawk”, “we“, “our“, “us“) collects, uses and shares your personal data, and your rights in relation to the personal data we hold about you. This privacy notice concerns our processing of personal data of our clients who instruct us in an individual capacity (“you“, “your“). Where we are instructed by clients who are not individuals (for example, companies and firms), we may still process certain personal data of the staff instructing us on behalf of those corporate clients but we will do so in accordance with our separate Privacy Notice for Corporate Contacts and Website Users (available on our website at include link here.)

Notwithstanding that Greyhawk typically provides services to its clients as a data processor (and so we are not a data controller in respect of the personal data of others that we may process on your behalf), this privacy notice describes how Greyhawk processes your personal data as our client, in the circumstances described in this privacy notice where we are a data controller in respect of your personal data.

Greyhawk Intelligence Group Limited (a UK registered company, registered in England with company number 07953361) is the data controller of your personal data and is subject to the General Data Protection Regulation (the “GDPR“) as applied by the UK Data Protection Act 2018.

How we collect your information

We collect your personal data in a number of ways, for example:

  • from the information you provide to us when you interact with us before becoming a client, for example when you express your interest in our services;
  • when you instruct us to provide services to you, sign an engagement letter and provide information about you to us in connection with those instructions;
  • when you communicate with us by telephone, email or via our website, for example in order to make enquiries or raise concerns;
  • in various other ways as you interact with us during your time as a client of Greyhawk, for the various purposes set out below; and
  • from third parties and publicly available sources, for example in order to carry out required due diligence checks on you before we accept your instructions.

The types of information we collect

We collect the following types of personal data about you:

  • Biographical and contact information, including your name, dates of birth, nationality and contact information such as address, email address and telephone number;
  • Identification and due diligence information, including passport information, proof of address, national insurance number (or other tax identification number) and due diligence information such as the results of anti-money laundering and ‘know your client’ background checks; and
  • Financial and instructions related information, including bank account number (used for receipt of funds) and any information you provide us when you instruct us to provide services to you.

We may also collect sensitive personal data, including information concerning your health and medical conditions (for example, disability and dietary needs) and data relating to criminal convictions and offences, where relevant, in each case as is necessary for the provision of our services to you.

How we use your information

The purposes for which we may use personal data (including sensitive personal data) we collect about you during your association with us as our client include:

  • the provision of our core services to you, including research and intelligence services, litigation support services, strategic advice, and all other advisory and consulting services (and, in each case, for the offer and provision of services to you, as set out in each client engagement letter).

Note: we will process the personal data of anyone who is the subject of integrity due diligence and similar services only on your instructions and acting as a data processor for you as data controller.

  • administrative purposes, including administering finance, administering IT systems, and carrying out audits (for example, to ensure compliance with our legal obligations).
  • promoting our services (for example, providing you with briefings and other publications, details of events, or information about our other services which may be of interest to you).

Note: if you do not wish to receive such information, please let us know now or at any time in the future, and your details will be removed from our mailing list(s).

The basis for processing your information and how we use it

  • We process your personal data because it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. In this respect, we use your personal data for the following:
  • to interact with you before you become a client, for example when you express your interest in our services (for example, to send you promotional material or answer enquiries about our services);
  • once you have engaged us and become a client, to provide you with the services as set out in our engagement letter;
  • for billing and financial management purposes;
  • corresponding and interacting with you (or others acting on your behalf) about our services, including to deal with any concerns, enquiries or feedback you may have; and
  • for record keeping purposes, so that we have a record of your instructions and the research findings and other support we provided to you.
  • We also process your personal data because it is necessary for our or a third party’s legitimate interests. Our “legitimate interests” include our commercial interests in operating our business in a client focused, discreet and efficient manner, in accordance with all applicable legal requirements. In this respect, we may use your personal data for the following:
  • outsourcing selected ‘back office’ functions to third parties (for example, vendors of hosted software solutions or cloud storage providers) for the purposes of efficient, fast and secure access to information across Greyhawk Intelligence Group;
  • to monitor and evaluate the performance and effectiveness of our services, and to seek advice on our rights and obligations, where relevant, such as where we require our own legal advice; and
  • to keep you informed (by letter, telephone, email and other electronic means) of our services which may be of interest to you. If you do not wish to receive such information, please let us know now or at any time in the future, and your details will be removed from our mailing list(s).
  • We also process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:
  • to meet our legal obligations, such as tax reporting requirements to which we are subject;
  • in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.
  • We also process your personal data where:
  • it is necessary for reasons of substantial public interest (for example, where the due diligence checks we carry out involve our processing data relating to criminal convictions and offences);
  • it is necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property, and/or the rights or property of our clients, or of third parties); or
  • we have your specific or, where necessary, explicit consent to do so (for example, where our processing of sensitive personal data is included in your instructions and/or otherwise relevant for the advice and other assistance we provide to you and you permit us to have and use that information).

Sharing your information with others                              

For the purposes referred to in this privacy notice and relying on the bases for processing as set out above, we share your personal data with certain third parties, including:

  • those of our staff and consultants providing services to you;
  • law firms and other service providers who are advising you alongside us;
  • providers of outsourced services to us (for example, IT suppliers and cloud storage providers);
  • internal and external auditors; and
  • with a third party in a business transaction, in the event that all or part of Greyhawk is acquired, dissolved, merged or involved in a similar transaction which involves the transfer of client files.

International data transfers

In the course of providing services to you, we may transfer your personal data to a country or territory outside of the European Economic Area (“EEA”), for example where it is processed by staff operating outside the EEA who work for us or for one of our suppliers, or where personal data is processed by one of our suppliers who is based outside the EEA or who uses storage facilities outside the EEA.

In these circumstances, your personal data will only be transferred on one of the following bases:

  • a European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
  • where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by the GDPR (for example, standard data protection clauses adopted by the European Commission); or
  • there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).

How long your information is kept

We will retain your personal data for as long as we are providing you with the services referred to in any relevant engagement letter or any other contract, including our General Terms and Conditions, and for as long as permitted or required for legal or regulatory purposes after the relationship between you and us has ended, or if your instructions for us to provide particular services are declined or abandoned.

Subject to any other notices that we may provide to you, we will typically retain your personal data for a period of seven years after your association with us has come to an end. However, some information may be retained for longer than this, for example where we need to retain it in relation to any claims made against us.

Your rights in relation to personal data

Under the GDPR, you have the following rights in relation to our processing of your personal data.  Please note that these rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

  • to obtain access to, and copies of, the personal data that we hold about you;
  • to require us to correct the personal data we hold about you if it is incorrect;
  • to require us to erase your personal data in certain circumstances;
  • to require us to restrict our data processing activities in certain circumstances;
  • to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you;
  • to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller; and
  • where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal.

NoteIf you have given your consent and you wish to withdraw it, please contact us using the contact details set out below. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.

If you are not satisfied with how we are processing your personal data, you have the right to make a complaint to the Information Commissioner (or another data protection supervisory authority in the EU, including the data protection regulator in the EU country where you are located).

Contact us

If you have any queries about this privacy notice or how we process your personal data, or if you wish to exercise any of your rights under applicable law, you may contact us:

  • by email: mail@greyhawk-uk.com
  • by telephone: 020 7406 7510
  • or by post: Data Protection, Greyhawk, 5 Chancery Lane, London WC2A 1LG