Tapestry - Your global incentives lawyers | Tapestry

This Privacy Notice is issued jointly by Tapestry Compliance Ltd and Tapestry Insight Ltd ("Tapestry").

We understand that your data privacy is important. We are committed to protecting and respecting your privacy. In the course of running our business and providing services to you, we will process your personal data in accordance with the European General Data Protection Regulation ("GDPR") and other applicable data protection laws, including the Data Protection Act and the UK version of GDPR enacted under the European Withdrawal Act 2018 ("UK GDPR"). For the purpose of the GDPR, Tapestry is the data controller.

This Privacy Notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed and stored by us. By providing your personal information to us, you are agreeing to us using your information as described in this notice. This notice may change from time to time and we recommend you review it periodically.

How does Tapestry obtain personal data?

We want to offer you the best possible service. We may obtain your personal data during the course of running our business. Without your personal data, it may not be possible for us to provide services to you or the organisation you represent.

What data is collected?

In the course of running our business the "personal data" we process includes but is not limited to your name, address, telephone number and email address, and we may ask for ID documentation.

Who is controlling your data?

Tapestry is the "data controller" of your personal data, as we determine why and how your personal data is processed during the course of our business.

What is the purpose and basis for processing?

Your personal data may be processed for a variety of purposes in the course of running our business and the provision of legal services.

We do not anticipate requiring your explicit consent to process your personal data. If that changes we will let you know.

We will always process personal data in an appropriate and lawful manner in line with relevant data protection principles. As our business operates globally, different laws may apply depending on where you are based.

Processing governed by the GDPR and UK GDPR:

If you are located in the European Economic Area ("EEA") or in the UK, the processing of your data is primarily governed by the GDPR and the UK GDPR. The basis on which we process your personal data is the pursuance of a contract for the provision of legal services or training, for legal and regulatory duties and/or our legitimate interests. These may include:

providing legal and tax advice;
providing training; and
delivery of our latest newsletters and marketing materials.

We will always consider your interests, rights and freedoms when processing data as required by relevant law.

Processing governed by UK GDPR and international law:

If you are located outside of the EEA and the UK, the processing of your data may be governed by local, national and/or other international laws as well as the UK GDPR. Where laws, other than GDPR and UK GDPR, require consent for processing data, we will assume that you consent to us processing your data, in accordance with this Privacy Notice, unless you opt out.

Transferring your data

In the course of providing our services, your personal data may be transferred to countries outside of the EEA - for example, we may cc you on an email sent out of the EU.

If we hold any of your personal data which relates to an incentive award (which is unlikely) we may pass it to third parties including trustees, registrars, brokers, administrators, regulators and external advisors, who may also have a legitimate interest.

Anyone processing your personal information is required to comply with global data protection laws.

We will not pass your data to anyone for marketing purposes. We will only pass your data to third parties if required to do so by law or if necessary as part of our provision of services to you or your employer.

How long will we keep your data?

We are required by our insurers and regulators to keep your file and personal data for minimum periods. We are not however permitted to keep your personal data indefinitely or for longer than is necessary. If your data is no longer required, it will be destroyed. Some of the factors which will affect how long we retain your data include your continued engagement with Tapestry, your status as an alumnus of the Cert. ESP Course and your continued receipt of our newsletters and marketing materials.

The minimum period we will keep files and other personal data relating to a legal matter is six years. We may keep a file for significantly longer than this if it is necessary and in our legitimate interests to do so.

We operate a rolling annual programme of file destruction. All our files and other documents containing personal data are destroyed securely.

Your rights

You have a number of rights relating to your personal data and our processing of this data. In most circumstances you have the right:

to request access to and/or correct your personal data;
to request the erasure of personal data or restrict the way in which we process it (subject to certain conditions);
to object to us using your personal data for direct marketing; and
not to be subject to automated processing (profiling).

You simply need to contact us to exercise any of your rights. In the case of marketing, there is always an 'unsubscribe' button in our marketing emails.

Where we hold your personal data

Your data will be stored at our offices and on our IT equipment or, where your information is shared with a third party, at their premises or on their IT equipment.

We archive our old files to a secure facility prior to destruction. Details are available on request.

Data Protection Officer

We do not have a Data Protection Officer ("DPO") but have appointed a Data Privacy Manager, Chris Fallon, to implement our data protection policies and procedures.

Questions and who to contact

If you have any questions, requests, complaints or concerns regarding how we handle your personal data, in the first instance please contact Chris Fallon:

Email: chris.fallon@tapestrycompliance.com
Address: 5&6 Sellers Wheel, 151 Arundel Street, Sheffield, S1 2NU
Telephone: +44 (0)7413 064345

If you are not satisfied with our response or believe our processing of your personal data is in breach of any applicable laws, you can complain to your local supervisory authority. In the UK, this is the Information Commissioner's Office (website: https://ico.org.uk/concerns or telephone 0303 123 1113).