Corporate Privacy Policy
Last updated: 18 May 2018
Westwood Global Energy Limited, registered in Scotland with company number SC493666, and its subsidiary companies as listed in the Appendix to this Policy (“Westwood Global Energy” or “us” or ‘we“) are committed to protecting your personal data.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data.
This privacy statement describes the personal data we collect from you, what we do with it, how you might access it and who it might be shared with. Please read it carefully.
Contact Information (Data Controller)
The entity in Westwood Global Energy which was originally responsible for collecting information about you will be the Data Controller. Other entities in the Westwood Global Energy group may also act as Data Controllers where they control the use or processing of such data, however there will be a single point of contact for all Westwood Global Energy Data Controllers who can be contacted using the following details:
Westwood Global Energy
38 Albyn Place
Aberdeen
AB10 1YN
Telephone: 01224 502640
Data protection enquiries: [email protected]
What Personal Data We Process
Personal data is any information relating to an identified or identifiable living person.
When you use the Website or any of our subscription products, we will automatically collect device data including IP addresses and details about your browsing history whilst on the platform, browser type, session frequency and cookies – please see our separate cookie policy https://www.westwoodenergy.com/cookie-policy/ for further details on cookies.
We also collect contact information and identity details, such as name, title, company address, email address, and telephone and fax numbers, from Website visitors; for example when an individual subscribes to updates from us or logs in to the any of our subscription platforms including Wildcat, Sectors, Atlas, RigLogix or Energent service.
Visitors are also able to send communications to us through the Website or to interact with our staff through Website communication tools. These messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message.
We comply with the data minimisation principles of data protection laws and we will not collect any personal data from you we do not need in order to manage the Website. In particular, we do not collect any special categories of data, in the general course of providing services in connection with making the Website available, unless required and only when we have an appropriate legal basis to do so.
Why we Process Personal Data
Customer Product and Services:
We process personal data related to the above data subject in order to:
- provide access to our products and services – examples of such services include access to our online applications, subscription products, reports, newsletters or consulting services;
- manage customer relationships;
- develop our business services;
- maintain and use IT systems;
- to comply with legal, regulatory and corporate governance requirements; and
- administer and manage our website, systems and applications, including confirming and authenticating identity and preventing unauthorised access to restricted areas, premium content or other services limited to registered users and to aggregate data for website analytics and improvements.
Suppliers and Contractor management:
We collect and process personal data related to the above data subject:
- to administer and manage supplier and contractor relationships;
- to enter into contracts;
- to receive services from our supplier and to support the provision of services to our customers where relevant;
- for security and risk management, controlling access to IT systems,
- for travel or customer engagement management and
- to comply with legal, regulatory and corporate governance requirements.
Marketing Purposes:
Unless we are asked not to, we use corporate business contact details to provide information that we think will be of interest to you about us and our services. We will keep your information confidential and we will only use your information within Westwood Global Energy and its subsidiary companies.
Where we require explicit opt-in consent for direct marketing to private email addresses in accordance with the Privacy and Electronic Communications Regulations we will ask for your consent. You can withdraw your consent to such processing at any time, however, you should be aware that if you choose to withdraw your consent we will tell you more about the possible consequences, including if this means that certain services (in particular where you have applied for newsletter updates to a private email address) can no longer be provided). Otherwise, for marketing where the Privacy and Electronic Communications Regulations or where we can rely on the soft opt-in exemption under the Privacy and Electronic Communications Regulations, we will be relying on our ‘Legitimate Interests’ for the purposes of GDPR.
You can opt-out of receiving marketing from us at any stage. Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions on the appropriate webpage, in our communication to the individual, or the individual may contact us by email to [email protected].
We do not carry out automated decision making which has a direct legal impact to you or your right to participate in our products and services.
Our Legal Bases to Process Personal Data
We have to establish a legal ground to use your personal data, so we will make sure that we only use your personal data for the purposes set out above where we are satisfied that:
- our use of your personal data is necessary to fulfil our contractual obligations to you (e.g. to provide a subscription service that you have requested) or because you have asked us to do something before entering into a contract (e.g. provide a quote).
- our use of your personal data is necessary to support ‘Legitimate Interests’ that we have as a business (namely, to improve our products or services, to provide help or support in connection with the Website and our products, to ensure that the Website and products operate efficiently and securely, to carry out analytics across our datasets and to carry out business to business marketing), provided it is always carried out in a way that is proportionate, and that respects your privacy rights; and/or
- our use of your personal data for marketing purposes and the legal basis for this is set out above in the Marketing section;
- our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we are subject to (e.g. to comply with ICO requirements).
Before collecting and/or using any special categories of data we will establish an additional lawful ground to those set out above which will allow us to use that information. This additional exemption will typically be:
- your explicit consent;
- the establishment, exercise or defence by us or third parties of legal claims; or
- a specific exemption provided under local laws of EU Member States and other countries implementing the GDPR.
Data Retention
Westwood Global Energy will retain Personal Data for as long as is reasonably necessary for the purposes listed above.
In the absence of other specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 6 years. Records may however be archived earlier where there has been no interaction with a data subject for 2 years.
Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.
Who do we share your personal data with?
As flagged above, we share data with other Westwood Global Energy companies.
We also share the data with third parties, to help manage our business and deliver services. These third parties may from time to time need to have access to your personal data, and include:
- service providers, who help manage our IT and back office systems, in particular Amazon Web Services, IBM, Microsoft, Apple, Dropbox, Rackspace and Intercom.
- Contact Relationship Management and marketing tools such as Salesforce, Xero, Mailchimp, Sendbloom, ActiveCampaign and iContact.
- Payment management tools and service Sage (UK), Worldpay and Stripe.
- our regulators, which include the ICO, as well as other regulators and law enforcement agencies in the E.U. and around the world,
- solicitors and other professional services firms (including our auditors).
Also, if we were to sell part of our businesses we would need to transfer your personal data to the purchaser.
Transfer of Personal Data
We share your personal data within our group of companies which involves transferring your data outside the European Union. Many of our third parties service providers are based outside the European Union so their processing of your personal data will also involve a transfer of data outside the European Union. Countries outside of the European Union do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Accordingly, whenever we transfer your personal data out of the EEA, we will ensure at least one of the following safeguards is in place:
- transfer to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
- Where we use certain service providers, we may use the Standard Contractual Clauses, other specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.
In those cases you will have the right to ask us for more information about the safeguards we have put in place as mentioned above (e.g. to request a copy where the safeguard is documented, which may be redacted to ensure confidentiality).
What are your rights?
You have a number of rights in relation to your personal data which should be exercised by contacting the User who is the ‘controller’ of this data (e.g. your employer). In summary, you may request the User to ensure you can access your data, request the rectification of any mistakes relating to your data, request the erasure of records which are no longer required, request the restriction on the processing of your data, object to the processing of your data, or request to exercise your right of data portability. You also have various rights in relation to any automated decision making and profiling, however we do not carry out these activities in connection with the Platform or the Website.
Please note the following if you do wish to exercise these rights:
- Identity. We take the confidentiality of all records containing personal data seriously, and reserve the right to ask you for proof of your identity if you make a request.
- Fees. We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances.
- Timescales. We aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests, in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
- Exemptions. Local laws, including in the UK, provide for additional exemptions, in particular to the right of access, whereby personal data can be withheld from you in certain circumstances, for example where it is subject to legal privilege.
Complaints
You have a right to complain about our use of personal data, if you wish to complain please send an email with the details of your complaint to [email protected]. We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the Supervisory Authority, the Information Commissioner’s Office (“ICO”), which is the UK data protection regulator, at [email protected]. We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
Changes to this Privacy Notice
We will update this privacy notice if required to reflect changes to our privacy practices. If you are a customer and we make any material changes that affect the way we treat information that we have previously collected from you, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice through the services prior to the change becoming effective. We encourage you to periodically review the privacy notice for the latest information on our privacy practices.
Appendix
Subsidiary Companies
Entity | Registered Number | Registered Country |
Westwood Global Energy Limited | SC493666 | Scotland |
Richmond Energy Partners Limited | 05968860 | England |
Douglas-Westwood Limited | 02551677 | England |
Novas Consulting Limited | 05394042 | England |
Hannon Westwood Limited | SC369635 | Scotland |
Hannon Westwood Holdings Limited | SC364371 | Scotland |
Westwood Global Energy Inc | 6346772 | United States (Delaware) |
Douglas-Westwood Inc | 801628222 | United States (Texas) |
Energent Group Software LLC | 0801926616 | United States (Texas) |
Douglas-Westwood Pte Ltd | 201308419N | Singapore |