Version Date: 24 May, 2018
- organising it into the sections listed in the Table of Contents below,
- defining and capitalising common terms for simplicity and brevity.
References to "our site" refer to the Winter Circle website and the Winter Circle app hosted at the following domains:
When we refer to "Winter Circle", we mean the Winter Circle entity that acts as the controller of your information, that is located at 10 Throgmorton Avenue, London, EC2N 2DL, United Kingdom.
Users: Collective term for any guest visitor, member or client to our site.
Members: Users who register to our site for networking and job opportunities.
Clients: Users who enter into a commercial agreement to use our service to connect with members regarding job opportunities.
WHAT DOES WINTER CIRCLE DO?
Winter Circle is an invitation-only digital network for the world's leading executives. We help global organisations find their next senior leaders by connecting them directly with the best talent. An exclusive digital destination, both members and clients use Winter Circle to find unique opportunities, ideas and intelligence.
INFORMATION WE COLLECT AND RECEIVE FROM USERS
Winter Circle may collect and receive Users Data (Personal Data) and other information and data ("Other Information") in a variety of ways on our site:
Other Information: Winter Circle also collects, generates and/or receives Other Information as below.
Information: Collectively, Personal Data and Other Information
- Users may give us information about themselves by completing the registration form or editing their profile page on our site or by corresponding with us by phone, email or otherwise.
- To create an account and register to use our site, Users supply Winter Circle with an email address, phone number and password. This may also include an address, personal description and photograph, CV and other details about their education and professional background.
- Log data: As with most websites and technology services delivered over the internet, our servers automatically collect information when you access or use our site or service and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using our site or service, browser type and settings, operating systems, the date and time the our site or service was used, information about browser configuration and plugins, language preferences and cookie data.
- Device information: Winter Circle collects information about devices accessing our site or service, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Other Information often depends on the type of device used and its settings.
- Page visits: Includes the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); services viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), visitor type, and methods used to browse away from the page.
Additional Information Provided to Winter Circle
- We receive Other Information when submitted to our site if Users apply for membership or request for more information, participate in our magazine, partnership activities or event, apply for a job, request support, interact with live chat or otherwise communicate with Winter Circle.
OUR LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION
Whenever we process your Personal Information we must have a "legal basis" for doing so. The different legal bases we rely on are:
- Legitimate interests: Processing is necessary for us to conduct our business, but not where your fundamental rights of privacy are outweighed by our legitimate interests;
- Consent: You have told us you are happy for us to process sensitive information for a specific purpose;
- Performance of a contract: We must process your Personal Information in order to be able to provide you with one of our products or services;
- Public information: We process Personal Information which you have already made public.
HOW WE USE THIS INFORMATION
Winter Circle uses Information as part of the legitimate interests in operating our site, service and business.
- To provide, update, maintain and protect our site, service and business. This includes use of Information to support delivery of our services under a client agreement, prevent or address service errors, security or technical issues, analyse and monitor usage, trends and other activities or at a User's request.
- As required by applicable law, legal process or regulation.
- To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Information to respond.
- To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our services, our services offerings, and important services-related notices, such as security and fraud notices. These communications are considered part of the service and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about Winter Circle. These are marketing messages so you can control whether you receive them in your account settings.
- For billing, account management and other administrative matters. Winter Circle may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
- To investigate and help prevent security issues and abuse.
We retain your Information for as long as is necessary to provide the services to you and others, and to comply with our legal obligations. This may include keeping your Information after you have deactivated your account for the period of time needed for Winter Circle to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Winter Circle will retain Client Data in accordance with a Client's instructions, including any applicable terms in the Client Agreement and Client's use of services, and as required by applicable law.
HOW WE SHARE AND DISCLOSE INFORMATION
This section describes how Winter Circle may share and disclose Information.
- Members: As a user who registers as a member, Members share their name, current position, career history, and other details about their education and hobbies with fellow members.
- Clients: As a user who may be hiring for a position, Clients can view Personal Information and contact members in order for the client to determine whether the member is interested and/or a good fit for the position. The Clients we engage with are located globally across a range of sectors, including Technology, E-Commerce, Defence and Aerospace.
- Third Party Service Providers and Partners: We may engage third party companies or individuals as service providers or business partners to process Information and support our business. These third parties may, for example, provide a messaging service.
- Corporate Affiliates: Winter Circle may share Information with its corporate affiliates, parents and/or subsidiaries.
- During a Change to Winter Circle's Business: If Winter Circle engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Winter Circle's assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Information may be shared or transferred, subject to standard confidentiality arrangements.
- To Comply with Laws: If we receive a request for information, we may disclose Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- To Enforce our Rights, Prevent Fraud, and for Safety: To protect and defend the rights, property or safety of Winter Circle or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With Consent: Winter Circle may share Information with third parties when we have consent to do so.
WHERE IS OUR DATA STORED?
Our goal as a company is to provide our customers with secure, fast, and reliable services and the storage of data is an integral part of this.
Winter Circle stores data in its AWS data center located in the US. In order to provide vital maintenance such as 24/7 technical or customer support, we may also permit employees and contractors located outside the EU (e.g. in the US, Hong Kong and Singapore) access to certain Information for product development as well as technical and/or customer support.
Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their Information. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information. You can usually do this when editing your profile or using the settings provided in your account. If you are unable to sign in to your account or experience any technical problems, please contact us at firstname.lastname@example.org
To the extent that our processing of your Information is subject to the General Data Protection Regulation, Winter Circle relies on its legitimate interests, described above, to process your data. We may also process Other Information that constitutes your Personal Data for direct marketing purposes and you have a right to object to Winter Circle's use of your Personal Data for this purpose at any time.
As a data subject residing in the European Union, you have the following rights under GDPR:
- the right of access to Personal Data relating to you;
- the right to correct any mistakes in your Personal Data;
- the right to ask us to stop contacting you with direct marketing;
- rights in relation to automated decision taking;
- the right to restrict or prevent your Personal Data being processed;
- the right to have your Personal Data ported to another data controller;
- the right to erasure; and
- the right to complain to the ICO if you believe we have not handled your Personal Data in accordance with the GDPR legislation.
These rights are explained in more detail below. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex and of a significant number, we will respond within three months (we will inform you within the first month if it will take longer than one month for us to respond).
Right of access to Personal Data relating to you
You may ask to see what Personal Data we hold about you and be provided with:
- a summary of such Personal Data and the categories of Personal Data held;
- details of the purpose for which it is being or is to be processed;
- details of the recipients or classes of recipients to whom it is or may be disclosed;
- details of the period for which it is held;
- details of your rights, including the rights to rectification, erasure, restriction or objection to the processing;
- any information available about the source of that data;
- where your Personal Data are transferred out of the EEA, what safeguards are in place.
Requests for your Personal Data must be made to email@example.com specifying what Personal Data you need access to, and a copy of such request may be kept by us for our legitimate purposes in managing the Service. To help us find the information easily, please give us as much information as possible about the type of information you would like to see. If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person, if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person, if possible.
There are certain types of data which we are not obliged to disclose to you, which include Personal Data which records our intentions in relation to any negotiations with you where disclosure would be likely to prejudice those negotiations. We are also entitled to refuse a data access request from you where (i) such request is manifestly unfounded or excessive, in particular because of its repetitive character (in this case, if we decide to provide you with the Personal Data requested, we may charge you a reasonable fee to account for administrative costs of doing so), or (ii) we are entitled to do so pursuant to the GDPR.
Right to update your Personal Data or correct any mistakes in your Personal Data
When you join as a Member or Client, either through online registration or over the phone with one of our membership or client teams, you are issued with individual logins, which enable you to keep your details accurate and up to date whenever you sign into your profile. If you are unable to log in to your account or experience any technical problems, please contact us at firstname.lastname@example.org
Right to ask us to stop contacting you with emails
We have a legitimate interest in sending you emails in connection with our site, service and related matters (which may include but shall not be limited to newsletters, announcement of new features etc.). We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
You can choose the type of content you receive from us or prefer to opt out of all communications by signing in to your account where you can edit this in your settings. You can also unsubscribe from emails at the bottom of each email you receive from us. Unsubscribing from emails does not unsubscribe you from essential emails in respect of the administration of your account. If you are unable to log in to your account or experience any technical problems, please contact us at email@example.com
Rights in relation to automated decision taking
We do not base any decisions solely on an automated process, there is human intervention within all aspects of data processing.
Right to restrict or prevent processing of Personal Data
In accordance with GDPR, you may request that we stop processing your Personal Data temporarily if:
- you do not think that your Personal Data is accurate (but we will start processing again once you have updated and confirmed that your profile is accurate);
- the processing is unlawful but you do not want us to erase your Personal Data;
- we no longer need the Personal Data for our processing; or
- you have objected to processing because you believe that your interests should override the basis upon which we process your Personal Data.
If you exercise your right to restrict us from processing your Personal Data, we will continue to process the Personal Data if:
- you consent to such processing;
- the processing is necessary for the exercise or defence of legal claims;
- the processing is necessary for the protection of the rights of other individuals or legal persons; or
- the processing is necessary for public interest reasons.
Right to data portability
You may ask for an electronic copy of your Personal Data that you have provided to us and which we hold electronically, or for us to provide this directly to another party. This right only applies to Personal Data that you have provided to us – it does not extend to data generated by us.
Right to erasure
You can ask us to erase your Personal Data where:
- you object to our processing and we do not have any legal basis for continuing to process your Personal Data;
- your Personal Data has been processed unlawfully or have not been erased when it should have been; or
- the Personal Data have to be erased to comply with law.
We may continue to process your Personal Data in certain circumstances in accordance with GDPR (i.e. where we have a legal justification to continue to hold such Personal Data, such as it being within our legitimate business interest to do so (e.g. retaining evidence of resolved support requests, billing information etc.). Where you have requested the erasure of your Personal Data, we will inform recipients to whom that Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort.
Right to complain to the ICO
HOW TO CONTACT US
If you need to contact us with regard to any of your rights as set out in this Policy, all such requests should be made in writing by email to firstname.lastname@example.org