Montrose Associates Limited (“we”, “us”, “our” etc.) is committed to protecting your privacy. We are the controller in relation to the personal data processed in accordance with this policy (except where this policy explains otherwise). This policy explains how we process personal information, referred to here as personal data, your rights and how to contact us if you need to.
The nature of our services means that we often collect information about individuals and business situations by indirect means. This policy explains how we process that information and protect individuals’ privacy rights.
You can navigate to specific sections of this policy by clicking the links below:
We may process your personal information if:
We may process your personal information that we have either obtained from you, or obtained from somewhere else. Personal information which is not collected directly from you may be collected:
This may include:
Your personal information, however obtained, will be used by us for the purposes set out in this policy. In particular,:
We are required to rely on one or more lawful grounds to collect and use your personal information. We consider the following to be relevant:
The law allows us to collect and use personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights).
In broad terms, our ‘legitimate interests’ are the interests of running Montrose Associates Limited as a private company and providing intelligence services to our corporate clients.
When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
We may disclose your personal information to third parties in order to achieve the purposes set out in this policy. These third parties may include:
We also reserve the right to disclose your personal information to third parties:
If Montrose Associates Limited is acquired by a third party, in which case personal information held by it about its customers would be one of the transferred assets. If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our terms of supply and other agreements with you or the company you work for; or to protect the rights, property, or safety of Montrose Associates Limited, our clients, employees or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
The information that we process in relation to you may be transferred to, and stored at, a destination outside the UK and the European Economic Area ("EEA") that may not be subject to equivalent data protection law (and therefore may have a lower standard of protection, including lower security requirements and fewer rights for individuals). It may also be processed by staff situated outside the UK and EEA who work for us or for one of our suppliers.
We may transfer your personal information outside the UK and the EEA:
If personal information we hold about you is not accurate, out of date or incomplete, you have a right to ask for the information to be rectified, updated or completed. Therefore, please advise us of any changes to your information. You can let us know by contacting us using the details in the Contacts section or use the address at the bottom of this page. We may need to verify the accuracy of the new information you provide to us.
In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.
You can ask us to transmit that information to you or directly to a third-party organisation.
The above right exists only in respect of personal information that:
The right also only applies where the lawful basis for processing the personal information is consent or when necessary for performance of a contract. While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third-party organisation's systems. Also, we may be unable to comply with requests that relate to personal information of others without their consent.
You can exercise this (or any other) rights by contacting us.
Privacy rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
Any personal information we hold will be kept for the period necessary to fulfil the purpose for which it was collected or, where the information is required for longer, in accordance with our data retention policies. However, you may always ask us to permanently erase your information and in certain circumstances you have a legal right to request such erasure.
Any payment details you provide us will be securely transferred to our banking partners to fulfil agreed payment for services.
We retain personal information generally for administrative purposes for as long as you have a relationship with us in order to meet our contractual obligations to you or your employer as long as is reasonably necessary after that to identify any issues and resolve any legal proceedings.
We retain personal information collected and processed in order to deliver our services to clients for the minimum period necessary. Where possible we use automatic mechanisms to enforce our data retention policies and we periodically check to ensure that our policies are being adhered to. Personal information collected and processed in order to deliver our services to clients may be retained longer if we are required to preserve records for legal purposes.
We implement security safeguards designed to protect your data. We regularly monitor our systems for possible vulnerabilities and attacks. We regularly assess the effectiveness of the security mechanisms we have implemented, and make improvements as we deem necessary. However, we cannot warrant the security of any information that you send us.
In addition to the rights set out in sections 9 and 10, you also have the right, under certain circumstances:
Please note that we do not apply any solely automated decision making processes to your personal information.
To exercise any of these rights, please contact us. Please note that we may ask you for additional information to confirm your identity before disclosing personal information to you, and that some of these rights apply in limited circumstances and are subject to legal exemptions.
Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.
If you are unhappy with the way we process your personal information, you may approach your local data protection authority. The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal information, as well as deal with any complaints that you have about our processing of your personal information. We ask that you consider contacting us first so that we have an opportunity to resolve your concerns before this step becomes necessary.
Montrose Associates Limited