Privacy and Data Protection Policy

Tanker

Asdem Privacy and Data Protection Policy – 21 May 2018


Who we are

We are Asdem Limited, an independent consultancy with offices located throughout the world. While each of our offices may, from time to time, receive your personal data all Asdem offices are strictly governed by the privacy policy contained in this statement.

The address of our head office is Kemp House, 152-160 City Road, London EC1V 2NX, United Kingdom. You can contact us by post at the above address, by email at info@asdem.com or by telephone on +44 (0) 207 566 3981.

We are not required to have a data protection officer, so any enquiries about our use of your personal data should be addressed to our Controller's Representative. Full contact details for our Controller's Representative can be found under the "Accessing and controlling your information" section at the end of this document.


Introduction and General Terms

Asdem Limited is committed to protecting your personal information when you are using our website and services. As such, this Privacy and Data Protection Policy tells you about the information we collect from you when you use our website and by various other means.

In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use any personal data collected by this website, by phone, text, emails, letters or business cards, and about the rights you have over your data.

In order to provide you with the full range of services Asdem Limited provides, we will often need to collect information about you. This Privacy Policy discloses a comprehensive amount of information regarding our website in general and our data collection/protection policies in particular including the following topics:

  • What information Asdem Limited may collect about you and how;
  • How Asdem Limited will use information we collect about you;
  • When Asdem Limited may use your details to contact you;
  • How Asdem Limited protects the data we collect
  • Whether Asdem Limited will disclose your details to anyone else;
  • Your rights regarding the personal information you provide to us;
  • Accessing and controlling your information

Your personal information will be processed in accordance with Data Protection Legislation and in accordance with Our Privacy Policy which is hereby incorporated into this Agreement. "Data Protection Legislation" means the Data Protection Act 1998, and from 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016), and any legislation which amends, extends, consolidates, re-enacts or replaces same, including any additional legislation or regulations that may be made from time to time.

The information you provide will be held in accordance with the Data Protection Act and may be used by Asdem Limited and its agents to supply whatever information and/or services which you have requested.


When you use our website

When you use various websites to browse the products, services and information displayed, it is common practice for "cookies" (simple text files that are stored on a user’s computer hard drive) to be used to allow the website to collect useful information about visitors and to help enhance the user's overall experience while they are using the website.

For those concerned about such matters, Asdem Limited does not implement the use of cookies on their website for user-tracking, recognition, information gathering or any other purpose.


Links to other websites

Our website may contain links to third parties’ websites. Please note that these websites are not covered by this Privacy Policy and, since Asdem Limited does not have any control these third-party sites, we cannot be responsible for the protection and privacy of any information which you may provide to them. We would recommend that you should exercise caution when accessing these sites and examine their privacy policy statements before deciding to provide any information to them.


What data is collected from our website and other sources?

Asdem Limited may collect personal information from you when you register for a public training or event, attend in-house training sessions, or when you send us an email enquiry.

As noted in the sections below, we may ask you for personal information such as your name, company name, email address, postal address, postcode, job title, direct and/or mobile phone number, workplace location and the nature of your business. You may also voluntarily provide us with personal information about any special needs you may have so that we can try to ensure that our services meet your requirements.


When you submit an enquiry via our website

When you submit a general information enquiry via our website, we use a simple "mail-to" link which initiates a response from your email client which will allow you to contact us regarding various services or subjects.

For these types of general information requests, this website does not use any mechanism of any type to collect personal data. After your email is received we may capture your email signature line information to respond to your request and – if we receive your explicit consent – add your signature line data to our general mailing list. We may also email you several times after your enquiry to follow up on your request and ensure that we have answered your enquiry to your satisfaction. We will do this based on our legitimate interest in providing you accurate information in relation to your request.

General enquires of this type are stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA).

We do not use the information you provide to make any automated decisions that might affect you without out your explicit consent.

We keep email enquiries for two years, after which they are securely archived and kept for seven years, when we delete them. CRM records are kept for three years after the last contact with you.


When you register for training services from our website

When you register for training services from our website, our registration process requires your name, company name, company VAT number, address, department, professional title, contact number and email address.

We will use your information as a means of officially registering your attendance at one or more Asdem trainings or events as well as to send you joining documents and other training related paperwork by email for the event as required. We use your email address and telephone number to contact you if we have an inquiry in relation to your attendance at our events.

Your information is stored on one of the servers of our web hosting service provider based in the United Kingdom.

We do not use the information you provide to make any automated decisions that might affect you with the exception of informing you of additional trainings and events that are aimed at advancing your professional knowledge and position within your chosen field.

While we will keep your training registration information for an indefinite period - as the licenses for the training materials you receive do not expire – you may withdraw your consent to receiving information on up-coming trainings and events at any time and we will stop sending you this information. If you withdraw your consent, we will mark your details so that they are not used and delete them after two years.


When you subscribe to our newsletter

When you sign up to receive our newsletter, we ask for your name and your email address.

We will ask for your consent to use your name and email address to email you our newsletter which contains information about important industry information that may be useful to you as an oil industry professional.

You can withdraw your consent at any time and we will stop sending you the newsletter.

Your name and email address are shared with a third-party mailing system which is based in the United States. This company has contractually committed to providing appropriate safeguards for your personal data which means it will be protected in line with the legal requirements of the European Union.

We do not use the information you provide to make any automated decisions that might affect you.

We keep your personal data for as long as we produce and distribute our newsletter. If you withdraw your consent, we will mark your details so that they are not used and delete them after two years.


When you download documents form our Resources section

We do not request any personal data when you download any of our sample documents from the Resources section of our website.


When you take part in our feedback survey

When you take part in our feedback survey at the end of each public training, we do not capture any of this information in a data archiving or retrieval system, nor do we process this information in any way.


How will your data be used?

We use the personal information we collect for the purposes of:

  • Keeping internal records;
  • Providing, developing, improving and personalizing our services;
  • Providing you with information about our services;
  • Improving our services;
  • Sending promotional emails about up-coming trainings and events, social events, legal update newsletters, special offers or other information you have requested;
  • Contacting you by email or phone for market research purposes;
  • Addressing with your inquiries and requests;
  • Administering orders and accounts relating to our customers;
  • Through the use of IP address information, we may want to identify the general location of users, analyse the participants from different countries and to determine whether a user is accessing our services from the UK or not;
  • Monitoring and analysing website usage; and
  • Analysing and improving the services offered on the website.

Asdem Limited may use the personal information collected via our website to provide you with electronic Asdem mailers for marketing purposes or to inform you of our trainings, conferences, social events, promotions or to changes to our Services. If you register on the website for our newsletter service, we may use the personal information collected to also send you information about the other services we provide.


When will we contact you?

Asdem Limited may contact you:

  • In relation to any service, event, training, conference or online activity you have registered for in order to ensure that Asdem Limited can deliver the services to you;
  • Where you have opted to receive further correspondence;
  • To invite you to participate in surveys about Asdem Limited services (participation is always voluntary); and
  • For marketing purposes. Asdem Limited focuses on providing you with the knowledge, skills and tools for your professional development and we will contact you for specific marketing purposes that fulfil this objective. These include the promotion of new services, activities, and invitations to events and conferences. You may opt-out of receiving Asdem Limited marketing by contacting us.

Who will your information be shared with?

Any personal information you provide will be held securely and your personal information will not be sold or traded to third parties. In some circumstances we may need to disclose your personal information: (i) to a third party to provide a service you have requested, (ii) to fulfil a request for information, (iii) to comply with a legal requirement or request from a competent court, regulator or other authority, or (iv) if We believe that there has been a violation of the Terms, of our rights or the rights of any third party.

Asdem Limited employs some third parties to deliver online and offline services (e.g. mailing services, website management suppliers, monitoring and analysing website statistics) and requires these third parties to strictly comply with instructions that they do not use your personal information for their own business purposes.


How long will we keep your personal information?

We will hold your personal information on our systems for as long as is necessary or for as long as it is reasonably required for the purpose(s) for which it was submitted. Some content submitted to, or shared with, Asdem Limited may be retained for prolonged periods of time or potentially indefinitely in an archive for internal record-keeping purposes.

The retention period of the data will be reviewed on an annual basis.


Where will we store your data?

Asdem Limited is committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details, and the provision of support services. We also regularly use Campaign Monitor, a fully GDPR compliant service provider located in the US, for the sole purpose of processing the data you have consented to so that we may notify you of our professional trainings and workshops, conferences, social events and newsletters. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted through third party vendors. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.


How is your data protected?

The privacy, confidence, and trust of our visitors is of paramount important to us. Upon your consent, Asdem Limited uses Campaign Monitor for the external storage and consented use of your data (as outlined in How your data will be used, below).

Campaign Monitor provides the following security measures to protect our contact lists:

  • Dedicated security team

  • Data storage and processing locations

    Data is stored in a US-based data center. In addition, they use multiple data processing locations including USA, Australia and Germany. They also use Fastly as an external content delivery network, which is used for content caching. Fastly’s locations are available here: www.fastly.com/network-map .

  • Security policies

    Campaign Monitor's security policies are aligned with the ISO 27001 standard. The firm uses the NIST Cyber Security Framework to measure our ability to identify, protect, detect, respond and recover from security events.

  • Awareness and training

    All Campaign Monitor staff and contractors go through a vetting process where they are subject to background checks and confidentiality agreements and ongoing security awareness training.

  • Physical security

    Physical controls designed to prevent unauthorized access to, or disclosure of, customer data.

  • Data center controls

    Campaign Monitor data centers are monitored 24×7 for all aspects of operational security and performance. They are also equipped with state-of-the-art security such as biometrics, sensors for intrusion detection, keycards, and around-the-clock interior and exterior surveillance.

    In addition, access is limited to authorized data center personnel; no one can enter the production area without prior clearance and an appropriate escort. Every data center employee undergoes background security checks.

  • Data center compliance

    A combination of regular scheduled scans of their application, as well as penetration testing and bug bounty programs, to ensure that every area of our application has undergone rigorous security testing are carried out. They also implement scheduled vulnerability assessment scans to simulate a malicious user, while maintaining integrity and security of the application’s data and its availability.

  • Security controls

    Neither do we nor our software service providers give, rent, or sell access to your data to anyone else, nor do they make use of it themselves for any purpose other than to provide the relevant services. Each account’s data within a unique identifier, which is used to retrieve data via the application or the API. Each request is authenticated and logged.

  • Secure code development

    Campaign Monitor follows industry best practices and standards such as OWASP and SANS.

  • Data encryption

    Campaign Monitor data is encrypted in transit by supporting TLS 1.0, 1.1 and 1.2. Data at rest is also encrypted using AES-256 encryption.

  • User access

    Campaign Monitor's password storage and verification are based on a one-way encryption method, meaning passwords are stored using a strong salted hash. Email addresses are validated against a strong salted hash, stored along with the email. The databases are further protected by access restrictions, and key information (including our password) is encrypted when stored. Data is provided to and stored directly into the Campaign Monitor application via their API which uses secure transfer protocols.

  • Logging and cookie management

    Campaign Monitor uses cookies for user authentication and session IDs to identify user connections. Those session IDs are contained in HTTPS-only cookies which are not available to access via JavaScript. All key actions on the application are logged and audited.


How is your data protected locally?

All Asdem Limited PCs having access to the Campaign Monitor data are protected by up to date malware and anti-virus software. The PCs itself are physically protected by password and located in manned or alternatively locked offices monitored by CCTV. When not in use, the PCs are switched off and disconnected from the Internet.


What will be done in the event a breach is detected?

While unlikely, as soon as Asdem Limited becomes aware that a personal data breach has occurred, we will notify the supervisory authority of the breach without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the personal data breach might result in a risk to the rights and freedoms of the individual.


Your rights as a data subject

By law, you can ask us what information we hold about you, and you can ask us to correct any information if it is inaccurate.

If we have asked for your consent to process your personal data, you may withdraw (opt-out) of your consent at any time by selecting the “Unsubscribe” option at the bottom of any of our email campaigns or by sending us an email at events@asdem.com.

If we are processing your personal data for reasons of consent or to fulfil a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.

If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.

You have the right to ask us to stop using your information for a period of time if you believe we are not doing so lawfully.

Finally, in some circumstances you can ask us not to reach decisions affecting you using automated processing or profiling.

To submit a request regarding your personal data by email, post or telephone, please use the contact information provided in the Accessing and controlling your information section, below.


Accessing and controlling your information

Pursuant to the Data Protection Act 1998, and from 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016), you may exercise any of your rights specified in the Your rights as a data subject section by addressing your concern or request to our Web and Data Protection Team using the contact details shown below.

Asdem Limited
ATTN: Web/Data Protection Team
Kemp House
152 - 160 City Road, London, UK, EC1V 2NX
Email: events@asdem.com
Tel: +44 (0) 207 566 3981

Alternatively, you may also contact our Controller's Representative, Cole Kuryakin, at ckuryakin@asdem.com


Your right to complain

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. Our full contact details are shown above. However, you can also contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:

Information Commissioner's Office
Wycliffe House
Water Lane, Wilmslow, Cheshire, SK9 5AF


Updates to this privacy policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

Privacy Policy Version: 1
Privacy Policy Date: 21 May 2018

We will update the version number and date of this document each time it is changed.