Privacy & Cookie Policy

Updated 07.01.2022

At EBII Group Limited, we respect your privacy and are committed to protecting your personal data. In this policy, we explain how we collect and use your personal information when you visit our website, use our services or otherwise contact us.

Please note that links from our website may take you to external websites which are not operated by us or covered by this policy. We recommend that you check their privacy policies before submitting any personal information to other sites.

About Us

We are EBII Group Limited (company number 11739216) and we are based at Buxton Court, 3 West Way, Oxford, England, OX2 0JB (collectively referred to as “we”, “us” or “our” in this privacy policy).

We are the data controller for the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR), which means that we decide how and why we use your personal data within our business.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO, Adjoa Adjei-Twum at [email protected].

If you have any questions about your privacy on our website, or our use of your personal data, please contact us.

What personal information do we collect, and how do we use it?

You are not required (by law or by any contract with us) to provide personal information to us via our website. We will only require you to provide personal information to us where it is necessary for us to provide you with a service at your request.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Providing our Services

We will collect personal information about you if you enquire about, or purchase, the products and services that we offer, and if you subscribe to our newsletter and/or email notifications. This may include:

• Information to identify you, such as your full name, date of birth, age, gender, occupation and employer, where relevant.
• Contact information, such as your billing address, postal address, email address and telephone number.
• Account details, such as your chosen username, domain name, user ID and account credentials (email and password).
• Financial Data, such as bank account and payment card details.
• Transaction Data, such as details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data, such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• Profile Data, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
• Usage Data, such as information about how you use our site and services.
• Marketing and Communications Data, such as your preferences in receiving marketing from us and our third parties and your communication preferences.
• Additional information relevant to your use of our services such as if you apply for one of our executive training courses, your CV, including details of your education, organisation, employer and employment history.
• Any additional information that you choose to provide to us, when you get in touch.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We have a legitimate interest in efficiently and effectively managing and operating our business, and improving the services that we offer, to give you the best customer experience that we can. As a customer, we sometimes need to use your personal information to do this. We also need to use this information to perform our obligations when we enter into contracts with you. We will use your information so that we can:

• Provide you with information about our products and services and your contracts with us.
• Register you as a new customer or member.
• Verify your identity.
• Deal with any complaints you may have.
• Administer your orders and take payments, including recovery of debt.
• Contact you about any changes that we make to our products or services.
• Improve the services that we offer, including the performance of our systems, processes and our people.
• Administer our website, including troubleshooting problems, analysing statistics, conducting research and tests and keeping the site secure.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Promoting our Services

We may use the personal information that we hold about you (such as your name and email address) to identify and tell you about our products and services that we think may be of interest to you. This includes our newsletter.

If you are a customer or we have provided you with a quote, we may also contact you with information about similar services that we offer.

We have a legitimate interest to use your personal information in this way to promote our services and further our business, but you may contact us at any time to let us know if you do not wish to receive these messages.

If you’re not a customer, we will not use your personal contact details for marketing purposes unless you have given us consent to do so, and you may withdraw your consent or update your preferences at any time by contacting us.

Information we collect on our website

We collect information using cookies and other similar technologies to help distinguish you from other users of our website, including using Google Analytics. These can streamline your online experience by saving you from re-inputting some information and also allow us to make improvements to our website. For more information about how and why we use cookies, please take a look through our Cookie Policy section below. When you visit our website, we may collect the following information:

• Which pages you view and which links you follow.
• Your IP address and general location.
• Details of the hardware and software that you are using to access the site.
• Any passwords or login credentials that you use on our website.
• A device identifier (cookie or IP address) for fraud prevention.
• Details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, web logs and other communication data.

Our website is not intended for children and we do not knowingly collect data relating to children.

Keeping in touch

We need to use your personal information whenever you contact us, whether via the website, email, phone or post, including if you tag us in any posts or otherwise engage with us on social media. We also need to use your information to let you know about any important changes to our business or policies (including this privacy and cookies policy). We have a legitimate interest to use your information in this way and, in some cases, this may be necessary for our performance of a contract with you or to comply with our legal obligations.

Information we receive about you from other sources

Sometimes you will have given your consent for other websites, services or third parties to provide information to us. This could include information we receive about you if you use any of the other websites that we operate or the other services that we provide, in which case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this website. We will also have told you for what purpose we will share and combine your data. It could also include information from third parties that we work with to provide our services, such as payment processors, technical support and communications companies, online survey companies and advertising companies. Whenever we receive information about you from other third parties, we will let you know what information we have received and how and why we intend to use it.

How else might we use your personal data?

In some cases, we may collect personal information about you from other sources. This may include:

• Publicly available information from sources such as Companies House and the Electoral Roll.
• Information you have shared publicly, including on social media.
• Information from third party databases, such as credit reference agencies.

This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this policy.

We may use your information where it is necessary for us to do so in order to meet our legal obligations or to detect and prevent fraud, money-laundering and other crimes. We may also use your information where it is necessary to protect your interests, or the interests of others, or in accordance with our legal obligations. This may include in the event of criminality such as identity theft, piracy or fraud.

We will only use your personal information for the purposes we collected it for (as explained in this policy) unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Who do we share your personal information with?

We share the information that you provide to us with our staff so that we can manage our business and provide our services to you. We may also share your information with selected third parties, such as:

• Our web hosting provider, DigitalOcean and Cloudflare, to host the website and related services and applications.
• Our suppliers and distributors.
• Third party training course and training certification providers, such as the University of Oxford’s Saïd Business School.
• Hubspot CRM, to help us manage our customer relationships and to track engagements via emails, instant messages, social media messages and SMS messages
• Our IT provider Cuellar Vaga Design.
• Our marketing service provider called Hellogenius
• Third party project management firm during the annual EBII Africa IRC Summit Whatifevents
• Payment service providers, for making and receiving payments. We use Stripe and Paypal to process membership and training course payments e.g. to take card and other payments and/or managing our invoicing processes.
• Third party survey platforms, such as Survey Monkey.
• Third party video communications platforms, such as Zoom.
• Our trusted professional advisers such as lawyers and accountants, where appropriate.

We may disclose your information to other third parties where we believe that the disclosure is:

Required by the law, or in order to comply with judicial proceedings, court orders or legal or regulatory proceedings.

Necessary to protect the safety of our employees, our property or the public.

Necessary for the prevention or detection of crime, including exchanging information with other companies or organisations for the purposes of fraud protection and credit risk reduction.

Proportionate as part of a merger, business or asset sale (in the event that this happens we may share your information with the prospective seller or buyer involved).

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Sharing your information outside the UK and/or EEA

The UK has strict data protection rules under the UK GDPR and Data Protection Act 2018, which are reflective of the rules that all countries within the EEA subscribe to under the EU GDPR. Where personal data is shared outside of the UK and/or EEA, it may not be afforded the same protection and the same rights may not be available to you.

We will only share your data with parties outside of the UK and/or EEA where there are appropriate safeguards in place to protect your data and ensure that you have the same rights as you would in the UK. This may be on the basis of an “adequacy decision” adopted by the UK Government, or through robust contractual obligations with the receiving party.

How long do we keep your personal information?

We will only store your personal information for as long as we need it for the purposes it was collected for. For example, payment information will only be held for as long as necessary to process the transaction. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.

Where we provide you with any service, we need to retain the information we hold about you for at least as long as we continue to provide that service to you.

If you are a customer, we may retain the information we hold about you, including your contact details, order history and correspondence, for a period of five (5) years from our most recent engagement with you.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Thereafter, and in all other circumstances, we will only keep your information for as long as is strictly necessary to allow us to achieve the original purpose for which that information was collected.

Protecting your personal information

We put in place appropriate security measures to keep your personal data secure and to prevent unauthorised access.

We try to ensure that all information you provide to us is transferred securely via the website (we recommend that you always check for “https” in the URL and the padlock symbol in your browser, to indicate a secure connection). Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

All information you provide to us is stored on third party secure servers. We use DigitalOcean (Servers based in the United Kingdom) for the hosting our website and storing login information, HubSpot (servers based in the USA and Germany) for storing customer information in our CRM database, Survey Monkey (servers based in USA and Canada) for collecting survey responses, and Zoom (servers based in USA) to manage Webinar participants.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

What rights do you have?

You have a number of rights in respect of your personal data. If you would like any further information or to exercise any of your rights, please contact us. In most cases, we will not charge you any fee if you wish to exercise any of these rights.

The right to be informed

We have a legal obligation to provide you with concise, transparent, intelligible and easily accessible information about your personal information and our use of it. We have written this policy to comply with this right, but please contact us if you require further information.

The right to access your personal data

You have the right to ask us to confirm whether or not we hold any of your personal data. If we do, you have the right to access a copy of your data, as well as information about how, and why, we use it. In order to prevent your data being disclosed to someone who is not authorised to access it, we may have to verify your identity before we provide you with a copy of the data that we hold.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. Please contact us if you wish to request access to our data.

The right to correct any inaccurate or incomplete personal data

If the information that we hold about you is inaccurate or incomplete, you have the right to require us to correct that data (or complete it by supplementing it with other information).

The right to be forgotten

• You have the right to require us to delete or destroy your personal data in the following circumstances:
• The information is no longer needed for the purposes we collected it for. Where we rely on your consent, and you withdraw that consent.
• You object to us using your information for marketing purposes, or for our legitimate interests, and we have no overriding reason to keep using it.
• We have used your information unlawfully.
• We are required by law to delete your information.

If these situations apply, you may contact us to request that we erase your data from our systems.

The right to have your data transferred to you or a third party in a common format

Where your personal data is processed by automated means, you may have the right to obtain a copy of your personal data in a structured, commonly used and machine-readable format, and to ask us to transfer this data to another organisation in a safe and secure way.

You have the right to object to direct marketing

You can ask us at any time to stop using your information for direct marketing purposes, even if we do not rely on your consent to do this. You may exercise this right by following the instructions in any of the emails that we send to you, or by contacting us.

The right to object to us using your information for our own legitimate interests

Sometimes, we use your personal information to achieve goals that will help our business – these are our legitimate interests, and they are explained in more detail in this policy.

We aim to always ensure that your rights and information are properly protected. If you believe that the way we are using your data is not justified due to its impact on you or your rights, you have the

right to object to our use of your data in these ways. If you do object to this, unless we have a compelling reason to continue we will stop using your personal data for these purposes.

You have the right to restrict how we use your personal data

You have the right to ask us to stop using your personal data in any way other than simply keeping a copy of it. This right is available where:

You have informed us that the information we hold about you is inaccurate, and we have not yet been able to verify or update this.

You have objected to us using your information for our own legitimate interests and we are in the process of considering your objection.

We have used your information unlawfully, but you do not want us to delete it.

We no longer need to use the information, but you need it for a legal claim.

Changes to our Privacy Policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy. This version was last updated on [07/01/2022] and historic versions can be obtained by contacting us.

Cookie Policy

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

What is a cookie?

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

How do we use cookies?

We use the following cookies:

• Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
• Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. We use Google Analytics to provide anonymous statistics on how our site is used. Some performance cookies may be placed and managed by third parties.
• Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. Please note that third parties (including, for example, providers of web traffic analysis services such as Google Analytics) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

Your cookie preferences

We understand that not everyone wants to see targeted adverts or contribute to statistics on website use. When you first visit our website, you will be asked to confirm which types of cookies you agree to us using. You cannot disable cookies that are strictly necessary for our website to operate correctly, but we will not place other cookies unless you agree.

You can change your cookie preferences on our website at any time by managing your user account on our website or by deleting cookies and site data for our websites from your browser. For more information on how to delete cookies, please check your web browser’s help section.

You can also configure cookie settings in your web browser to prevent first party cookies (from our website) and/or third-party cookies (from other websites) from being used when you visit our website. You can find out more about how to do this at the following links:

• Chrome
• Firefox
• Safari
• Opera
• IE and Edge

However, please bear in mind that if you don’t allow us to use certain cookies it may prevent you from accessing parts of our website or result in a loss of functionality which degrades your experience of the website.

What cookies do we use?

We use the following cookies on the website – these are cookies that we place on your device (and they will show as being placed by our domain, ebiigroup.com).

Cookie Name	Cookie Description	Expiration
wordpress_test_cookie	This cookie checks whether or not cookies are enabled.	Session
__cfduid	The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID, and does store any personally identifiable information.	Persistent
_ga	This cookie is used by Google Analytics to distinguish users	Persistent (2 Years)
_gid	This cookie is used by Google Analytics to distinguish users	Persistent (24 Hours)
_gat	This cookie is used by Google Analytics to throttle request rate.	Persistent (1 Minute)
__hs_opt_out	This cookie is used by theopt-in privacy policy to remember not to ask the visitor to accept cookies again.	Persistent (13 Months)
__hs_initial_opt_in	This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode.	Persistent (7 Days)
__hssc	This cookie is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.	Persistent (30 Minutes)
__hssrc	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.	End of Session
__hstc	The main cookie for tracking visitors.	Persistent (13 Months)
hubspotuk	This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when deduplicating contacts.	Persistent (13 Months)

The following third party cookies are also used on our website – these are cookies that are set by external websites (and will show as being placed by another domain).

Domain (website)	Cookie Name	Description	Expiration
.google.com	NID, SIDCC, _GRECAPTCHA, __Secure-3PAPISID , __Secure-3PSID, __Secure-3PSIDCC	We use Google APIs and services (Google Maps, YouTube and ReCaptcha) to add rich media functionality to our website and provide spam protection.	The longest lived of the cookies expire 10 years after your last visit to a page containing an API service call, although most expire sooner.
hubspot.com, hubspot.net, hs-analytics.net, hsforms.net, hs-scripts.com, usemessages.com	__cfduid, __cfruid, __hs_cookie_cat_pr ef, __hs_do_not_track, __hs_initial_opt_in, __hs_opt_out, __hssrc, __hstc, cf_clearance, csrf.app, hubspotapi, hubspotapi-csrf, hubspotapi-prefs, hubspotutk	We use HubSpot to analyse your usage of our site to measure and improve its performance.	The longest lived of the cookies expire 2 years after your last visit, although most expire sooner or after your session. For more information regarding individual cookies, please visit https://knowledge.hubspot.c om/reports/what-cookies-do es-hubspot-set-in-a-visitor-s -browser
linkedin.com, www.linkedin.com, ads.linkedin.com	AnalyticsSyncHistor y, bcookie, lang, li_gc, li_mc, liap, lidc, lissc, lms_ads, lms_analytics, sdsc, UserMatchHistory	Help advertisers determine how many times people who click on their ads end up purchasing their products or performing a particular action (e.g. submitting a form, watching a video, downloading a PDF, etc). These cookies allow LinkedIn and the advertiser to determine that you clicked the ad and later visited the advertiser’s site. Conversion cookies are not used by LinkedIn for personalised ad targeting and persist for a limited time only.	The longest lived of the cookies expire 2 years after your last visit, although most expire sooner or after your session. For more information regarding individual cookies, please visit https://www.linkedin.com/le gal/l/cookie-table
facebook.com	c_user, datr, fr, sb, spin, xs	We use Facebook to analyze your usage of our site to measure and improve its performance.

For more information about how cookies are used in connection with Google Analytics please click here. To opt out of being tracked by Google Analytics across all websites, click here.

There’s also a lot of good information about cookies available online. For more information about cookies generally, visit allaboutcookies.org.

Complaints

If you wish to make a complaint about our collection or use of your personal data, please contact us in the first instance so that we may seek to resolve your complaint.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the statutory body which oversees data protection law in the UK. Please visit the ICO website if you wish to lodge a complaint with the ICO. If you are based in another European Union member state, you may instead lodge a complaint with the supervisory authority in your country.

Contact Us

If you wish to speak to us regarding your privacy, or our use of your personal data or cookies, please contact us using the following details:

Post: EBII Group Limited, Buxton Court, 3 West Way, Oxford, England, OX2 0JB.

Email: [email protected]

Website: https://www.ebiigroup.com/