1 July 2022
Who are we?
Lionheart Squared Ltd is a private limited (no. 10819580) in England & Wales (VAT 275189175). Our team is comprised of experienced, accredited privacy professionals dedicated to assisting its clients meet their privacy obligations, including the General Data Protection Regulation (GDPR). We are the data controller of this website. This means that we decide how and why we process personal data collected through this site.
How can we be reached?
How do we collect personal data?
Directly from individuals in a variety of ways:
- Social interactions with individuals whilst establishing business relationships
- Performing professional services under client contracts
- newsletters and event registration
Indirectly from variety of sources, including:
- Referrals and engagements
- Public registers
- News, articles, Internet searches, LinkedIn
- Credit reference agencies
- Employment recruitment services
What categories of personal data do we collect?
Personal data we collect typically includes:
- Contact details of individuals (name, phone number, email, and address)
- Professional details (career, professional affiliations, etc.)
- Identification details where required for data subject access requests
- Supervisory authority contact details
- Personal identification documents, which (may reveal race or ethnic origin, and possibly biometric data of private individuals, beneficial owners of corporate entities, or applicants)
- Adverse information, which (e.g., may reveal criminal convictions or offences information)
- Diversity and equal opportunity information, which (e.g., may reveal race or ethnic origin, political opinions, religious or philosophical beliefs, sexual life, health conditions, or trade union membership
- Dietary or access requirements, which could reveal religious beliefs or physical health
Information about children
We do not aim our service at, nor do we knowingly collect data from individuals under the age of 18. However, we may process data subject requests about or for individuals 13 years of age or older should they contact us directly to exercise their data subject rights.
What lawful reasons do we have for processing data?
When we collect and use personal data, it is for lawful purposes. Our legal bases for processing personal data are:
- Contract. We may process personal data in order to perform our contractual obligations for a service you requested.
- Consent. You freely give your consent when you provided your personal data to us.
- Legitimate interests. We insure processing is fair, balanced and meets reasonable expectations of individuals under the circumstances, like marketing and delivering our services or handling data subject for our clients
- Legal obligation. To meet public interest and legal obligations imposed on us
Why do we process personal data?
- To contact data protection officials about matters
- To maintain accurate records about our business clients, subscribers, suppliers and professional individuals
- To send personal invitations to events we occasionally host
- To process data subject requests, including language translations
- To respond to inquiries from prospective business clients and data protection authorities
- To administer and secure our information systems, applications and websites
- To comply with legal and regulatory obligations such as countering money laundering, terrorist financing, fraud, financial crime
Do we share personal data?
Where share personal data with third parties, they are contractually obligated to safeguard it. Categories of third parties we share data with may include:
- Our affiliated companies to perform administrative or specialty data protection services
- Service providers in support of the proper functioning of our offices and services, such as telecommunication systems, office and mailroom support, IT system support, archiving services, document production services and cloud-based software services
- Professional advisers, including translators, lawyers, auditors, insurers, and recruiters
- Regulatory agencies, law enforcement or other third parties as required by, and in accordance with, applicable law or regulation
- Potential buyers, transferees, merger partners or sellers and their advisers in connection with an actual or potential transfer or merger/acquisition of part or all our business or assets, or any associated rights or interests
Do we transfer personal data outside the UK?
We store personal data on applications and servers located in the United Kingdom (UK); however, we may transfer personal data to reputable third-party organisations situated outside the UK when we have a business reason to engage these organisations. Each organisation is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.
What are your UK data protection rights ?
Although the GDPR rights described below apply to individuals based in the UK. Data subjects can ask us, as data controller:
- To verify whether we are processing personal data about you in our capacity as a data controller, and if so, to provide you more information in that respect
- To correct our records if you believe our records about you contain incorrect or incomplete information about you
- To erase (delete) your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected
- To restrict processing of your personal data if you contest its accuracy or need us to preserve it for you (so you can establish, exercise, or defend a legal claim). This temporary restriction may apply while we are analysing the legitimate grounds to process it your personal data. You can tell us to inform you before we lift that temporary processing restriction
- To object to direct marketing including profiling. You can object to our use of your personal data for direct marketing purposes including profiling. We may need to keep minimal information to comply with your request to cease marketing to you (e.g., list of email addresses is maintained for up to two years after our last interaction to ensure that ‘unsubscribe’ requests from marketing communications are respected)
- To withdraw your consent to one or more specified processing purposes related to your personal data. This will not affect the lawfulness of any processing carried out before consent withdrawn. We will advise you if products and services will no longer be available
- To transmit in a structured, commonly used, and machine-readable format your personal data (if you provided it to us) directly to another company if is technically feasible
Automated Individual Decision-making. We do not make any decisions about individuals solely based on automated processing including profiling that produces legal effects or similarly significantly affects individuals.
How is a data subject request made?
If you interacted with us directly (where we determined the means and purpose for processing your personal data) you have the right to make a data subject request. Contact us directly at Privacy@LionheartSquared.com
- There is no fee to be paid for data subject requests unless it is clearly unfounded or excessive
- We will need to confirm your identity to ensure access to the requested information or action
- Individuals may complain to the the UK Information Commissioner if they think we have mishandled their data subject request
How do we secure personal data?
We put appropriate technical and organisational measures in place to protect personal data from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited to those who need it. We may apply privacy enhancing, techniques to further protect personal data.
Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.
How long do we retain personal data?
We retain personal data to provide our services, and to contact individuals with whom we have a new or ongoing relationship. We may need personal data to comply with applicable laws, regulations and professional obligations that apply to us. Where we retain personal data in accordance with these uses, we retain for no longer than seven years from last use unless a different time frame applies as a result of specific legal, regulatory or contractual requirements. At the end of the retention period, we will apply secure data disposal methods.
Do we hyperlink to other sites?