Client and website privacy policy and notice

MAY 2023

EVORA is committed to protecting your privacy.

At EVORA Global we respect your privacy and commit to protecting your personal data. This “privacy notice”
explains what we do with your personal data, why we want to use it, how we protect it, and what rights you have to control our use of it.

It applies not just to use of our website and data platforms, but also personal data that we process through other interactions with individuals in the course of running our business and delivering services, such as individuals working for our customers, partners and suppliers. Our websites and services are not intended for children and we do not knowingly collect data relating to children.

If you have any questions, concerns or just want some more information about our privacy management, drop us a line at [email protected] .

Information about us as a data controller

This privacy notice is for EVORA Global Limited (collectively referred to as “EVORA Global”, “we”, “us” or “our” in this privacy notice). We collect, use and are responsible for certain personal data about you. When we do so we are regulated under data protection laws and we are responsible as “data controller” of that personal information for the purposes of the law.

Our contact address is: 3rd Floor, Birrane House, 2-4 Southwark Street, London, SE1 1TQ. Our company number is 07450294.

What personal data do we process and why?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

 

We use personal data from different categories of individual for different purposes and these each have a different ‘lawful basis’. This section describes the lawful basis and purposes in detail and, although it’s technical, we’re required by law to explain this to you.

If you fill in a form on our website to contact us or download a document: we will store the data you enter (usually name, contact details, message) for the purposes of responding to your enquiry and business development. We do this on the basis that it is necessary for our legitimate interests in operating and promoting our business. We store your data for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below) or use the unsubscribe links on marketing emails.

If you are a member of our mailing list: we will use your email address for the purpose of sending you blog posts, our monthly newsletters, and invitations to our events and workshops. We have this data if you signed up on our website or if you provided us with your contact details by email or when meeting our staff. We process this data on the basis that it is necessary for our legitimate interests in promoting and marketing our business. If you no longer wish to hear from us just click the “unsubscribe” links at the bottom of each email.

If you are a SIERA account holder: we will hold your name, username and email address on the basis that it is necessary for our legitimate interests in operating a building sustainability data platform for clients. You or your employer will have provided these details through the account creation process. We need these details for the purpose of enabling secure access to the data platform by staff and workers in the supply chain of our clients. If you no longer require your account, you can email us (see “How to contact us” below). We will hold your information until you or we delete your account.

If you subscribe to one of our training courses: we will hold your name, email address and potentially your job title and organisation or other information we ask for on sign up on the basis that it is necessary for our legitimate interests in providing ESG training to our clients and promoting our business. We need these details for the purposes of providing you with access to our webinars and other training and to provide occasional updates on further training or industry developments that we think you will find of interest. If you no longer wish to hear from us, just click the “unsubscribe” links at the bottom of any emails you receive from us.

If you work for one of our clients or in our clients’ supply chain, or if you are an industry contact or working in a field relevant to our mission: we may hold your name, company, job title and contact details.
We will have been provided with this data either by you or your employer or in some cases we may have sourced it from publicly available sources, such as LinkedIn, internet searches, or third parties. If you have been in contact with us by email or phone we may also have copies of email exchanges or conversation notes. We need this data in order to interact with you (or your employer) for the following purposes:

  1. To run and develop our business;
  1. To communicate with interested people regarding events, news and updates.

We do this on the basis that it is necessary for our legitimate interests in running and growing our business. We will hold your details for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see “How to
contact us” below).

If you submit an application to join us, whether as an employee or contractor:  we will hold any personal information you provide to us (via our website or other methods), or that is sent to us by a third-party recruitment agency or website. This is likely to be your name, contact details and personal information contained in your CV. We do this on the basis that it is necessary for our legitimate interests in recruiting talented people. We will use this information for the purpose of communicating with you and evaluating your application. We will hold this information for as long as we need to interact with you for these purposes or until you ask us to delete it.

If you are a supplier or work for a supplier: we may hold your name and contact details because we have a legitimate interest in doing business with your company. Our purpose for processing your personal data is to interact with you or your employer to procure and pay for goods and services. We will hold this information for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see “How to contact us” below).

Cookies and similar technologies

If you visit our website, we may store information relating to you using cookies or similar technologies, which we can access when you visit our site in future. Cookies are small files, which are sent by us to your computer or other access device, that track, save and store information about your interactions and usage of our website.
Cookies enable our website to work, improve site security and help us provide you with a better service.

Generally, the cookies used do include information from which you can be identified as an individual. For more information on our use of cookies and how to control them see our Cookie Policy .

Retention of personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for,
including for the purposes of satisfying any legal, accounting, or reporting requirements, taking into
account applicable data protection laws, retention periods under applicable laws, limitation periods and our business needs.

Sharing your personal data

Data processors
We use a number of different service providers (acting as ‘data processors’) who provide IT and system administration services to enable us to operate our business and the services we provide to our users and partners. Your personal data is transferred to (and stored by) these data processors, who generally fall under the following categories:

  • Website analytics service providers
  • Website and data hosting service providers
  • Document storage service providers
  • Email, contacts, instant messaging and calendar service providers
  • Project management software providers
  • CRM service providers
  • Accounting software service providers

These ‘data processors’ only process data on our behalf. They won’t use your personal data for their own purposes and we only permit them to use it in accordance with our instructions, our contract with them and the law.

For security reasons we do not name all our service providers in this privacy notice. Please contact us (see below) if you want further information on specific data processors or the types of personal data they process for us.

If you attend one of our events

The name and company of attendees at our events may be shared with other participants and may be shared on our website.

If the event is co-organised with another organisation, then the name and company of attendees may also be shared with that partner organisation to enable access and name badges etc.

Other circumstances in which we may need to share personal data with third parties

We may also share your personal data with the following third parties in certain circumstances:

  • We will share personal information with law enforcement or other authorities (such as tax
    authorities) if required by applicable law.
  • We may share personal information with third parties as part of a merger or transfer, acquisition or
    sale, or in the event of a bankruptcy. In such case, we will require the relevant third parties to
    provide comparable levels of protection as we provide with respect to the information we share.
  • We may share personal information with professional advisors such as lawyers, accountants or
    auditors in order for them to provide us with legal, accounting or auditing services.
  • We may share personal information with consultants working for us where this is necessary for them to provide their services to us or our clients.

We will not sell or rent your information to third parties and we will never share your information with third parties for marketing purposes.

International transfers of personal data, and the measures in place to safeguard it

We do not directly transfer any of your personal data outside the UK or the European Economic Area (EEA).
However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected.

Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations. In some cases, they hold copies of your personal information outside the UK or EEA.

In each case our processors and/or we employ one or more of the transfer safeguard mechanisms designated by data protection legislation, which are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse. These include:

  • Where we use certain service providers, we may use standard contractual clauses approved by the European Commission or UK ICO, which give personal data the same protection it has in Europe. For further details, see European Commission: Standard Contractual Clauses
    .

Please contact us (see below) if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the UK or EEA.

Your personal data rights

The personal data we hold about you is your data, and you have certain rights over the data under applicable data protection laws. This section summarises the rights you have where your personal data is protected under UK data protection legislation.

  • You have the right to request a copy of all personal data we hold relating to you. You also have the right to require us to correct any mistakes in the personal data we hold relating to you.
  • Where we are processing your data based on your consent you can withdraw that consent and we must immediately stop processing your data.
  • Where we process your data based on a “legitimate interest” (underlined in the section on “purpose and lawful basis”, above) you still have the right to object to our processing of that data if you feel it impacts on your fundamental rights and freedoms.
  • You also have the right to object where we are processing your personal data for direct marketing purposes. The easiest way to do this is to use the unsubscribe links at the bottom of all marketing
    emails.
  • In certain situations, you have the right to require us to erase personal data where there is no
    good reason for us continuing to process it, or to request restriction of processing of your personal data.
  • Finally, you have the right to request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format in certain circumstances.

For further information on each of these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation .

If you would like to exercise any of these rights, the easiest way is by dropping us an email (see “How to contact us” below).

Automated processing of your personal data

You have a right to object to any decisions being taken through the processing of your personal data by automated means if they produce legal effects concerning you or similarly significant effects on you. We can confirm that we do not undertake any automated decision-making, or profiling, based on the processing of personal data.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Your rights to lodge a complaint with the Regulator

At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO at https://ico.org.uk/concerns/ or by calling them on 0303 123 1113. Of course, we hope that we can resolve your issue quickly and fairly ourselves.

Changes to this privacy notice

This privacy notice was last updated on 18th May 2023. We may change this privacy notice from time to time by amending this page.

If you have any questions, concerns or just want some more information about our privacy management, drop us a line at [email protected]