September 2021

PromoVeritas Ltd (“we/us/our”) is a company incorporated in England and Wales. Our registered office is at Monument House, 215 Marsh Road, London, HA5 5NE and our registered number is 04437132. We also own and operate promoveritas.com and other related sites (our ‘websites’).

We hold personal data about individuals, our employees, our clients, and our suppliers for a variety of business purposes. At times we are the data controller meaning that we determine the purpose and way your personal data is used, for example when we are the employer or if we run a promotion of our own. At other times we are a data processor, operating under the instructions of a data controller. The most obvious case of this is where we are contracted to administer promotions or aspects of promotions being run by our clients. If you have entered a promotion belonging to one of our clients, their privacy policy, as the Promoter, will apply to the use of your personal data.

We are committed to respecting your privacy and to complying with applicable data protection and privacy laws in relation to how we collect, use, and protect your personal data. This means that we will not process personal data without a lawful basis, for example the individual whose details we are processing has consented to this happening, or we have a contractual right to do so. And, it is why we have developed this Privacy Policy (“Policy”), which sets out:

  • How you interact with us from a personal data perspective
  • The types of personal data that we collect and how we use it
  • In what circumstances we will share your personal information within our organisation and with other organisations where relevant; and
  • The rights and choices you have when it comes to your personal data.

Effective date

This Policy is effective from 03 November 2020, updated in May 2021 and should be read with our Terms of Service and our Website Terms of Use.

What personal data do we collect?

We usually only collect personal information such as

  • name
  • email address
  • phone number

However, the exact types of personal data we gather will depend on whether where you are a supplier, a business contact, an employee, or prospective employee. What we collect might include:

  • contact details
  • educational background
  • financial and payment details
  • details of certificates and diplomas, education and skills, and CV
  • marital status
  • nationality
  • job title

Special Category Data

This is personal data about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or criminal offences. We very rarely collect this type of data. However, for employees, we might collect limited information about your health to meet our legal obligations and for duty of care purposes. This will only be done if we have your explicit consent to do this, unless there are exceptional circumstances i.e., where we are required to do this by law or under contract or to ensure health and safety at work.

Accuracy and relevance

We will seek to ensure that personal data we process is accurate, adequate, relevant, and not excessive, given the purpose for which it was obtained. We will not process your personal data obtained for one purpose for any other unconnected purpose unless you have agreed to this or it would be reasonable to expect you to consent.

How do we collect your personal data?

Personal data is provided to us when you

  • Obtain services from us or enter a promotion we may be running, such as our Christmas Promotion.
  • Visit and view our websites, via cookies we may use, and you enable.
  • Participate in a promotional site, either ours or via the Promoter direct and we are administering that promotion.
  • Communicate with us by telephone, email or via social media.
  • Fill in forms, surveys, or questionnaires.
  • Seek or obtain employment with us or contract with us in some way.

How we use your personal data

We will only use your personal data for the purpose we received it. We use the information we collect, in our role as data controller, to meet our legal obligations, provide services to you and to understand your needs. This could be personal data from business prospects or contacts, and employees so that we can:

  • Communicate with you, telephonically, by email or via social media.
  • Marketing our business to you with your consent.
  • Improve our services through knowledge of what is used by you and how you use it.
  • Administer promotions we may be running.

Additionally, we may also use your information and if required, share it, when:

  • Investigating complaints.
  • Complying with our legal, regulatory, and corporate governance obligations.
  • Ensuring business policies are adhered to, such as policies covering email and internet use.
  • Checking references, ensuring safe working practices, monitoring, and managing staff access to systems and facilities and staff absences, return to work procedures, administration, and assessments.

However, we also receive personal data in our role as a data processor, for a client, the Promoter, or their agency in relation to promotions they are running. These functions will be part of our services to the Promoter, and their Privacy Policy would apply to your personal data.

We administer client promotions and may perform statistical reporting on how the portion performed.  Depending on the services we are providing we may:

  • Gather and process entry data
  • Select winners and reserve winners
  • Communicate with entrants or winners about that promotion and their prize
  • Fulfill any prizes that may be won
  • Analyze how the promotion performed and report on it.

Will your personal data be shared?

We do not sell any personal data to third parties nor do we share your personal data with third parties except with our carefully selected service providers so that they can carry out specific functions on our behalf. For example, we might share it with the company that helps us with our IT system, or a fulfilment house that is arranging the delivery of your prize. We will always ensure that we only provide personal data that is necessary for the service being provided and they are prohibited from using any of this personal data for any other purpose.

Your Payment Information

We do not store any payment information unless it is a requirement of a promotion we are administering, or we will be paying you for services or your employment.

How do we store your personal data?

We are committed to protecting the privacy and confidentiality of your personal data. We use physical, electronic, and procedural safeguards to keep personal data secure against loss or misuse, including

  • encryption
  • third party audits
  • secure back-ups
  • access controls and compliant confidential waste disposal
  • security passwords, and two factor authentications
  • firewalls and security software
  • security testing.

Whilst we take appropriate technical and organisational measures to safeguard your personal data, it is important that if applicable you keep personal login details safe, and your devices protected from unauthorised access.

How long we store your personal data for

Where we are administering a promotion for a client, they are the data controller and their privacy policy and thus their data storage period, will apply. In other cases, it will be no longer than necessary, usually one year from the date of last use.  However, what is necessary will depend on the circumstances of each case, considering the reasons that your personal data was obtained, our legal obligations and if we are still providing goods or services to you. In limited circumstances we may retain your information after your formal relationship with us has ended.

Application of Policy

This Policy covers all PromoVeritas entities and all employees who may process information on our behalf. We will ensure that they are familiar with this Policy, comply with its terms, receive adequate privacy training based on the Data Protection Act of 2018.

Marketing to you

As a business prospect or contact, we may send you marketing information about our products or services, but we will only do so when we have your consent or where we have a legitimate interest in doing so and where this is reasonable and proportionate. Our business marketing is done in the commercial interest of our respective businesses and our marketing strategy includes surveys, newsletters, emails as well as invitations to webinars and training events. You have the right at any time to stop us from contacting you for marketing purposes.

We do not conduct any form of marketing of our services to those whose personal data was obtained via entry into a client promotion.

What are your data rights?

You have the following rights, but these may only be available under certain conditions:

The right to access – you can ask us for copies of your personal data

The right to rectification – you can request that we correct any information you believe is inaccurate. You also have the right to ask us to complete information you believe is incomplete

The right to erasure – you can request that we erase your personal data

The right to restrict processing – you can request that we restrict the processing of personal data

The right to object to processing – you can object to us processing of personal data

The right to data portability – you can request that we transfer the personal data we have collected to other organisations, or directly to you.

If you make a request, we will have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email address or call us on the details below.

Transferring Data Internationally

As our clients operate globally and run international promotions, it may be necessary to transfer an individual’s personal data internationally to deliver our services.  The Privacy Policy of the Promoter who is the data controller will apply in this case. We might, for example, use Mail Chimp in the future and we’d only do so if we are satisfied that our legal obligations are met.

What are Cookies?

We use cookies and similar technologies, (“Cookies”) to personalise and improve your customer experience as you use our website. Cookies are small text files containing a unique identifier, which are stored on your computer or mobile device so that your device can be recognised when you are using a particular website or mobile app. They can be used only for the duration of your visit or they can be used to measure how you interact with services and content over time. Cookies help to provide important features and functionality on our website, and to improve your customer experience. Cookies can also be used help us determine visiting patterns and to detect fraudulent activity or to prevent security breaches and so we may record information about your device within the cookie. We make use of compliant cookie banners to be transparent and allow you to make choices about the cookies we use.

If we are using non-essential cookies on our website, we will always gain your consent before these cookies are enabled. Our Cookie Policy and Cookie Banner have more information on this.

If you disable or refuse non-essential Cookies, you will be able to use the website, but you cannot disable the essential cookies we need to make the website operate correctly. You can also set your browser to refuse all or some browser cookies, or to alert you when websites set or access Cookies.

Our Cookies Policy

Our Cookies Policy can be found on our website.

Third-Party privacy policies and other websites

Clicking on links on our website may take you to a third-party website.  At the point you enter the third-party website, the privacy and cookie policy of the third party will apply to all information that you provide. It is important at that point to read that third party’s privacy and cookie policy as we do not accept any responsibility or liability for websites of other organisations.

Changes to our Privacy Policy

We may supplement or amend this Policy from time to time. Any new or modified Policy will be circulated to staff before being adopted or appearing on our website.

How to contact us

Please contact us at:

Post: PromoVeritas, Information Security Manager, Monument House, 215 Marsh Road, London, HA5 5NE

Email: Infosec@promoveritas.com

Telephone: +44 20 3325 6000

How to contact the appropriate authority

We’d like the chance to resolve any complaints you have; however you also have the right to complain to the UK data protection regulator (the “ICO”) about how we have used your personal data. Their website is here.