====== PRIVACY POLICY ======

Published May 2021

Your privacy and trust are important to us. This Notice explains how Senate Holdings Limited collects, handles, stores and protects personal information about you in the context of our services. It also provides information about your rights and about how you can contact us if you have questions about how we handle your information. 

In this Notice, personal information means any information about an individual from which that person can be identified, such as name, telephone number, email address, or image. It does not include data from which someone’s personal identity has been removed and from which that identity cannot be gleaned (anonymous data).

===== WHO THIS STATEMENT APPLIES TO AND WHAT IT COVERS =====

This Notice applies to any personal information that we receive or collect, which may be from individuals, companies or organisations who interact/work with us or use any website, platform, application (including mobile application (“app”)), product, software or service that we offer (our “Services”). Use of our Services may be directly through us, or through another organisation’s website, app, product, software or service.

Depending on the Service, we may provide additional or different privacy notices for specific interactions you have with us or to highlight how we use your personal information for specific Services. Where we do this, it will be clear which notices apply to which interactions and Services.

Within our Services, there may be links to third-party websites or applications. We are not responsible for the content or privacy compliance of third party websites or applications. You should check those websites or applications for their privacy notices and terms that apply to them.

===== WHO WE ARE =====

We are Senate Holdings Limited, a company which supplies, hosts and provides platforms (“Platforms”) to clients and others.  Senate Holdings Limited is referred to in these Terms as “the Senate”, “us”, "we" or “our”. We are registered in England and Wales under company number 11951721 and have our registered office at 5 High Green, Great Shelford, Cambridge CB22 5EG.

If you have any queries about these Terms, please contact us at support@senatesense.com. 

Where you provide or we collect your personal information to us, we will act as data controller.

===== HOW DO WE COLLECT/RECEIVE YOUR PERSONAL INFORMATION =====

We collect personal information about you from your interactions with us and from certain third parties and other sources (such as from publicly available sources, where permissible).

**Personal information that you provide to us.** Through your interactions with us and our Services, such as, when you use our Services, register for an event, request information or call us for support (please note that we may record or monitor our telephone calls for compliance and quality assurance purposes) or make a donation to us. 

**Personal information that we collect automatically.** Through your system/device and use of our Services. Our servers, logs and other technologies automatically collect system/device and usage information to help us provide, administer, protect and improve our Services, analyse usage and improve users’ experience; and

**Cookies.** Through cookies and similar technologies included on our Services. More information relating to cookies, and how to control their use can be found in our [[public:cookies|Cookies Policy]]. 

**Personal information collected from third party sources.** We may also collect personal information about you from third parties such as:
  * the person(s) arranging for you to access our Services in order to set up a user account;
  * partners and service providers who work with us in relation to the Service you are receiving; and
  * publicly available sources such as public websites, open government databases or other data in the public domain, to help us maintain data accuracy and provide and enhance the Services.

** Failure to provide personal information.** If you fail to provide personal information where we need to collect personal information by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the Services that you have requested. In this case, we may have to cancel a Service you have with us but we will notify you if this is the case at the time. 

===== WHAT TYPES OF PERSONAL INFORMATION WE COLLECT =====

The type of personal information we collect depends on how you are interacting with us and which Services you are using.

In many cases, you can choose whether or not to provide us with personal information, but if you choose not to, you may not get full functionality from the Services.

The personal information we collect consists of the following, which we have grouped together as follows:
  * **identity data and contact data:** name and contact data, such as, first and last name, email address, postal address, phone number, and other similar contact data
  * **profile data:** account credentials, such as, passwords and other security information for authentication and access, your interests, preferences, feedback and survey responses
  * **user content:** such as, communications and files provided by you in relation to your use of the Services
  * **Business content:** when using our Services, you may provide information which is then made public and which may be able to identify you, whether from the context of the information you provide or otherwise. 
  * **technical data:** device information, such as, information about your device, such as IP address, location or provider
  * **usage data:** information and browsing history, such as, information about how you navigate within our Services, your browsing history and which elements of our Services you use the most
  * **location data:** for Services with location-enhanced features. If we need your consent to collect geo-location data, we will collect this separately
  * **transaction data:** includes details about your interaction with us and our Services
  * **financial data:** includes bank account and payment card details 
  * **marketing and communications data:** includes your preferences in receiving marketing from us and our third parties and your communication preferences

===== AGGREGATED DATA =====

We also collect, use and share ‘aggregated data’ such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal information but is not considered personal information in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this Statement. 

===== SPECIAL CATEGORIES OF PERSONAL INFORMATION =====

We typically do not collect any Special Categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

===== CREDIT AND DEBIT CARDS =====

We do not store your credit or debit card details at all, following the completion of your transaction. All card details and validation codes are securely destroyed once the payment or donation has been processed. Only staff authorised and trained to process payments will be able to see your card details.

===== HOW WE USE PERSONAL INFORMATION =====

This section includes details of the purposes for which we use personal information and also the different legal grounds upon which we process that personal information. We use personal information to provide and improve our Services and for other purposes that are in our legitimate interests, as well as for compliance purposes. Further information is set out below.

Some laws require us to explain our lawful reason for processing your personal information. We process personal information about you on the basis that it is:
  * **necessary for the performance of a contract:** where we have a contract with you, we will process your personal information in order to fulfil that contract;
  * **in our or a third parties’ legitimate interests:** details of those legitimate interests are set out in more detail below;
  * **where you give us your consent:** we only ask for your consent in relation to specific uses of personal information where we need to and, if we need it, we will collect it separately and make it clear that we are asking for consent - please note that if you withdraw any consent you have given we may continue to process your personal information where we have another legal basis for such processing; and/or
  * **for compliance with a legal obligation:** e.g., to respond to a court order or a regulator

You are welcome to contact us for further information on the legal grounds that we rely on in relation to any specific processing of your personal information. Please see the “HOW TO CONTACT US” section below. 
Purposes for which we collect and use personal information
We use personal information for a number of purposes, including to provide and improve Services, administer our relationship with you and us, for marketing and in order to exercise our rights and responsibilities. 

Where you access any of our Platforms, one of our principal uses for your personal information is to provide the functionalities and services that the Platform provides, which includes sharing your questions and answers to questions posed either by yourself or by others. When we share any such content your name may be associated with it and may be publically visible.

We have set out below, in a table format, a more description of all the ways we may use your personal information, and which of the legal bases we rely on to do so.

Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data.

^ Purpose ^ Lawful Basis ^
| To respond to your specific inquiry or request and to provide you with information and access to resources that you have requested from us | Necessary to comply with a legal obligation |
| ::: | Necessary for our legitimate interests  |
| To set up and administer your account, provide technical and customer support and training, verify your identity, and send important account, subscription and Service information | Performance of a contract with you (if applicable) |
| ::: | Necessary to comply with a legal obligation |
| ::: | Necessary for our legitimate interests |
| To administer our relationship with you, our business and our third-party providers | Performance of a contract with you (if applicable) |
| ::: | Necessary to comply with a legal obligation |
| ::: | Necessary for our legitimate interests |
| To deliver and suggest tailored content such as news, research, reports and business information. We analyse the way you use our Services to make suggestions to you for features or Services that we believe you will also be interested in, and so that we can make our Services more user-friendly | Necessary for our legitimate interests |
| To personalise your experience with our Services. We may retain your browsing and usage information to make your searches within our Services more relevant. We may sometimes share your personal information across our Services so that we can make all of the Services we deliver to you more intuitive (e.g., rather than requiring you to enter the same data many times) | Necessary for our legitimate interests |
| To contact you in relation to, and conduct, surveys or polls you choose to take part in and to analyse the data collected for market research purposes | Necessary for our legitimate interests |
| To display information you choose to post, share, upload or make available in chat rooms, messaging services, and community and event forums (including in community and event profiles) and for related collaboration, peer connection, games and information exchange | Necessary for our legitimate interests |
| To provide any third party, who has made our Services available to you insights about use of the Services | Necessary to comply with a legal obligation |
| ::: | Necessary for our legitimate interests |
| For internal research and development purposes and to improve, test and enhance the features and functions of our Services | Necessary for our legitimate interests |
| To provide you with marketing as permitted by law | Where you have consented to receive such marketing |
| To meet our and any third party provider's internal and external audit requirements, including our information security obligations | Necessary to comply with a legal obligation |
| ::: | Necessary for our legitimate interests |
| To enforce our terms and conditions | Performance of a contract with you (if applicable) |
| ::: | Necessary to comply with a legal obligation |
| To protect our rights, privacy, safety, networks, systems and property, or those of other persons | Necessary to comply with a legal obligation |
| ::: | Necessary for our legitimate interests |
| For the prevention, detection or investigation of a crime or other breach of law or requirement, loss prevention or fraud | Necessary to comply with a legal obligation |
| ::: | Necessary for our legitimate interests |
| To comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence | Necessary to comply with a legal obligation |
| ::: | Necessary for our legitimate interests |
| In order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work | Necessary to comply with a legal obligation |
| ::: | Necessary for our legitimate interests |
| In order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) | Necessary to comply with a legal obligation |
| ::: | Necessary for our legitimate interests |

By using the Platform, you acknowledge that we will use your personal information as set out above. We also believe that each of these purposes is a legitimate interest for our use of personal information. 

Where we rely on legitimate interests as a lawful ground for processing your personal information, we balance those interests against your interests, fundamental rights and freedoms.

===== SHARING YOUR PERSONAL INFORMATION =====
==== Transfer to Third Parties ====

We do not sell or loan personal information to any third parties; however, we may share your personal information with third parties only in the ways that are described in this Policy.

We have listed below the categories of third parties to whom we may share your personal information: 

^Third Party ^Description ^
|Our Service Providers |Our service providers include third parties that provide us services such as IT services (such as software and application service providers, third parties who host, store and manage data or provide programming or technical support), payment processing, marketing services and otherwise help us provide our Services. Such third parties will act as our processors. |
|Our professional advisors |We may need to provide your personal information to our professional advisers that provide services to use. Our professional advisors include lawyers, accountants, bankers, auditors and insurers. Such third parties may act as our processors or independent controllers. |
|Our Group Companies |We may share your personal information with our group companies and in such circumstances with ensure that all necessary protections are put in place as required by applicable law.  |
|The person providing your access to our Services |If you are provided access to our services via a third party, we will share your personal information with them |
|Partners |We may share your personal information with our partners with whom we deliver co-branded Services, provide content, or to host events, conferences and seminars |
|Authorities |We may share your personal information with third parties where we have a duty to or are permitted to disclose your personal information by law (e.g., government agencies, law enforcement, courts and other public authorities) |
|Third parties related to corporate activities |We may share your personal information to third parties in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), in which case we may disclose your personal information to prospective buyers, sellers, advisers or partners and your data may be a transferred asset in a business sale |
|Other users of any of our platforms |Information you upload on the platform is publicly available and will be shared with other users (excluding your personal account information) |

Our third-party service providers are not permitted to share or use personal information we make available to them for any purpose other than to provide services to us. We require our third party service providers to process your personal information only in accordance with our instructions and in accordance with applicable laws.

==== Other Disclosures ====

We will share your personal information with third parties only in the ways that are described in this Policy unless we obtain your consent otherwise, except in the following instances: (i) as required by law, (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (iii) when we believe that disclosure is necessary to comply with a judicial proceeding, court order, or legal process served on us, (iv) to respond to any other government-related request, (v) to protect our rights and interests (including without limitation, for our own safety), (vi) to protect your interests (including without limitation, for your safety), (vii) to protect the interests of others (including without limitation, for their safety), or (viii) to investigate alleged or actual fraud, misrepresentation or other misconduct, provided always that such transfer and processing is in compliance with applicable laws.


===== CHANGE OF PURPOSE =====

We will only use your personal information for the purposes described above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. 

If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. 

If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

===== MARKETING =====

We deliver marketing and event communications to you via various methods such as email, telephone, text messaging, direct mail and online. Where required by law, we will ask you to explicitly opt in to receive marketing from us. 

If we send you a marketing communication it will include instructions on how to opt out of receiving these communications in the future. Even if you opt out of receiving marketing communications by email, we may still send you service communications or important transactional information related to our Services that you use.

We will get your explicit consent before we share your personal information with any company outside of our group of companies for marketing purposes.
 
Honouring your marketing preferences is important to us. You have the right to opt out of receiving direct marketing and targeted online advertising.

===== INTERNATIONAL TRANSFERS =====

In order to provide certain of our Services it may be necessary for us to transfer your personal information outside of the United Kingdom (UK) or the European Economic Area (EEA). We have measures in place to ensure that when your personal information is transferred internationally, it is subject to appropriate safeguards in accordance with data protection laws. Often, these include contractual safeguards. 

If you are in the UK or EEA, whenever we transfer your personal information outside of the UK or the EEA, we ensure that the necessary protections (as required by the applicable data protection laws of the UK and/or the EEA (as applicable)) are in place prior to any such transfer. If you are outside the UK or EEA, we will treat your personal information to the same standards as that of the UK or EEA, save that we may transfer information to you without such protections. 

Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the UK or EEA. 

===== DATA SECURITY =====

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. 

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

While we will use all reasonable efforts to safeguard your personal information, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information that are transferred from you or to you via the internet.  If you have any particular concerns about your personal information, please contact us.

===== DATA RETENTION =====

We calculate retention periods for your personal information in accordance with the following criteria:
  * the length of time necessary to fulfil the purposes we collected it for;
  * when you cease to use our Services;
  * the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations;
  * any limitation periods within which claims might be made;
  * any retention periods prescribed by law or recommended by regulators, professional bodies or associations; and
  * the existence of any relevant proceedings.

In some circumstances you can ask us to delete your data – please see the ‘YOUR RIGHTS’ below for further information. 

In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. 

===== YOUR RIGHTS =====

You may have rights under applicable laws to have access to your personal information and to ask us to rectify, erase and restrict use of, your personal information. You may also have rights to object to your personal information being used, to ask for the transfer of personal information you have made available to us and to withdraw consent to the use of your personal information. Further information on how to exercise your rights is set out below.

We will honour your rights under applicable data protection laws. You should be aware that these rights are not absolute and they do not always apply in all cases.

In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will explain why.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

If you would like to exercise any of your rights please contact us using the details in the ‘HOW TO CONTACT US’ section below.

===== CONNECTING VIA SOCIAL NETWORKS ====

Some of our Services may include social networking features and interactive mini-programs. Additionally, you may choose to use your own social networking logins from, for example, LinkedIn®, to log into some of our Services. If you choose to connect using a social networking or similar service, we may receive and store authentication information from that service to enable you to log in and other information that you may choose to share when you connect with these Services. These Services may collect information such as the web pages you visited and IP addresses, and may set cookies to enable features to function properly. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third-party services you connect to, use, or access. If you do not want your personal information shared with your social media account provider or other users of the social media service, please do not connect your social media account with your account for the Services and do not participate in social sharing on the Services.

===== LEGAL PRODUCTS AND SERVICES =====

Our platforms provide research and business management and efficiency tools to various businesses including the legal profession, often processing personal information that users input into the platform. For example, if a law firm uses our Services, they may record personal information when using those Services and they may ask us to hold or access it on their behalf (e.g., to provide support). 

The Senate’s suite of products (including SenateSense™ and SenateTalk™) are made up of data aggregated from Senate contributors. These products are available only to authorized businesses and government organizations for their legitimate internal business uses and subject to applicable law. 

The Senate recognises and respects that many of its customers and users of our Services may be subject to ethical obligations to protect confidences with their clients. Where we act as a service provider in regard to the personal or confidential information that our customers or users input into the Senate Products, we do so in accordance with permissible law and we do not use any such information other than to provide, administer and improve our Services, provide user support or to meet our legal obligations.

===== HOW TO CONTACT US =====
If you have any questions, comments, complaints or suggestions in relation to data protection or this Notice, or any other concerns about the way in which we process information about you, please contact us at support@senatesense.com.

===== FILING A COMPLAINT =====

If you are not content with how we manage your personal information, you can lodge a complaint with a privacy supervisory authority. In the EEA, the relevant supervisory authority is the one in the country or territory where:
  * you are resident
  * you work, or
  * the alleged infringement took place

A list of National Data Protection Authorities in the EEA can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

The UK’s supervisory authority is the Information Commissioner’s Office (https://www.ico.org,uk)  

===== UPDATES TO THIS STATEMENT =====

This Notice may be updated by us from time to time. 

Any material future changes or additions to the processing of personal information as described in this Notice affecting you will be communicated to you through an appropriate channel. For example, we may place a prominent notice on our site or email you to let you know of any such updates.