Privacy Notice

Last updated: 22 June 2023

How to use this Privacy Notice

This notice is layered, so you can easily find the information that is applicable to you. Please click the headings or subheadings to read the full text.

There is a Glossary of terms at the end of this document.

Introduction – please read me

Please read this Privacy Notice and any other privacy notice or fair processing notice we may provide on specific occasions carefully, as it is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export and delete your information.

This Privacy Notice supplements the other notices and is not intended to override them.

We do not and will not sell your data to third parties.

Who are we?

We are Polaris UK Ltd. (“Polaris”), a company incorporated and registered in England and Wales with company number: 02911441, whose registered address at New London House, 6 London Street, London EC3R 7LP.

Polaris is the controller of the personal data that we process, or that may be processed on our behalf, in connection with this website.

Our EU representative

We have appointed Inse-Com Limited (“Inse-Com”) to act as our EU representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or general privacy matters, please email our representative at [email protected] or write to them at 3rd Floor Kilmore House, Park Lane, Spencer Dock, Dublin 1.

The information that we collect from you

We may collect, use, store and transfer different kinds of information about you, depending on our relationship with you, including:

Identity data

Includes first name, last name, title and gender.

Contact data

Includes your work address, work email address and work telephone number(s).

Location data

We may collect your location data from your IP address, address and telephone codes.

Transaction data

Includes details about payments to and from you and other details of services you have purchased from us. Details of surveys or research you have participated in.

Technical data

Includes IP address, your login data, browser type and version, time zone setting and location, browser plugin types and versions, operating system and platform, and other technology on the devices you use to access our website.

Profile data

Includes your email and password, the services you have used on our Website, feedback, survey responses and such information as you provide to us.

Usage data

Includes information about how you use our Website and the services you use.

Candidate data

Includes information you have provided to us in your curriculum vitae, covering letter and/or application form, including name, title, address, telephone number(s), personal email address, date of birth, gender, employment history, qualifications.
This also includes any information you provide to us during an interview.

Marketing and communications data

Includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Special Category Personal Data

Special Category Personal Data is personal data that needs more protection because it is sensitive, and we may collect this type of personal data from you in the course of providing you with our services or during our interactions with you.

We use different methods to collect data from and about you, including:

Personal Data provided directly by you.
When you enter or send us information, such as when you register with us, contact us (including via email), send us feedback, purchase products or services via our website, post material to our website and complete customer surveys or participate in competitions via our website, and
Personal Data collected indirectly by you.
Such as your browsing activity while on our website; we may collect information indirectly using the technologies explained in our cookies policy.

Under data protection law, we can only use your personal data if we have a proper reason, e.g.:

where you have given consent
to comply with our legal and regulatory obligations
for the performance of a contract with you or to take steps at your request before entering into a contract, or
for our legitimate interests or those of a third party

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us.

The table below explains what we use your personal data for and why.

LAWFUL BASIS

PURPOSE EXAMPLES

Contractual

We use your Personal Data on the basis that it is necessary for us to provide our services and products to you.

When you sell or purchase a service, you are entering into a contract with us.

Onboarding

When you register as a new client, or supplier and we interview and onboard you.
We may use the following business personal data:

Identity data
Contact data
Location data
Transaction data
Technical data
Profile data
Marketing and communications data

Service delivery

In order to be able to deliver our services or receive services in physical or digital form.
We may use the following business personal data:

Identity data
Contact data
Location data
Transaction data
Technical Data
Profile data
Marketing and communications data
Usage data

Account administration

When we administer your account, take, or receive payment, deal with any transaction, respond to your queries, refund requests and complaints.
When we collect and recover money owed to us (usually from clients).

We may use the following business personal data:

Contact data
Location data
Transaction data
Communications data
Usage data

Relationship management

To manage our relationship with you, which may include:

Notifying you of changes to our terms or Privacy Notice;
Notifying you of changes to any services;
Processing purchase orders; and
Asking you to leave a review.

We may use the following business personal data:

Identity data
Contact data
Location data
Transaction data
Technical data
Profile data
Marketing and communications data

Communication

To be able to contact you regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation.

We may use the following business personal data:

Identity data
Contact data
Profile data
Marketing and communications data

Handling the information you submit to us enables us to respond effectively. We may also keep a record of these queries to inform any future communications between us and to demonstrate how we communicated with you throughout our contractual relationship.

Legitimate interest

When we rely on this, we will carry out a Legitimate Interests Assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under Data Protection Law.

Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law.

Managing our business

We hold Personal Data for our own legitimate business interest. This relates to us managing our business to enable us to give you the best service/products and most secure experience, including when we respond to your queries and complaints, where you are not a client or supplier, or a potential client or supplier.

We may use the following personal data:

Identity data
Contact data
Technical data
Profile data
Marketing and communications data

Provide and maintain our Websites

To provide and maintain our Website, including to monitor the usage of these, troubleshooting, data analysis, network security and system testing necessary for our legitimate interests in maintaining the useability, security and integrity of our website.

We may use the following personal data:

Identity data
Location data
Transaction data
Technical data
Profile data
Aggregated data

Recommendations and marketing

To make recommendations to you about services that may interest you. We may use the following personal data:

Identity data
Contact data
Location data
Transaction data
Technical Data
Profile data
Marketing and communications data
Usage data

To measure and analyse the effectiveness of the advertising we serve you. We may use the following personal data:

Identity data
Contact data
Location data
Transaction data
Technical Data
Profile data
Marketing and communications data
Usage data

Ensuring that our marketing is tailored to your interests and to keep our records up to date and to provide you with marketing as allowed by law. We may use the following personal data:

Identity data
Contact data
Location data
Transaction data
Technical Data
Profile data
Marketing and communications data
Usage data

To make suggestions and recommendations to you about goods or services that may be of interest to you and necessary for our legitimate interests (to develop our products/services and grow our business). We may use the following personal data:

Identity data
Contact data
Location data
Transaction data
Technical Data
Profile data
Marketing and communications data
Usage data

Recruitment of candidates (contractors, employees and providers)

We will use the personal information we collect about you to assess your skills, qualifications and suitability for the work.

We may use the following personal data:

Identity data
Contact data
Location data
Candidate Data

It is in our legitimate interests to decide whether to appoint you to work since it would be beneficial to our business to appoint someone to that work.

Reviews

When we capture your service reviews, for example when you buy goods and services from us, we may follow it up with an enquiry about your experience of the service to help us gauge customer satisfaction. We may use the following personal data:

Identity data
Contact data
Transaction data
Profile data
Marketing and communications data
Usage data

Data analytics

We use data analytics to improve our Website, products/services, marketing, customer relationships and experiences. We may use the following personal data:

Identity data
Contact data
Transaction data
Profile data
Usage data

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy). We may use the following personal data:

Identity data
Contact data
Location data
Transaction data
Technical data
Profile data
Usage Data

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy). We may use the following personal data:

Identity data
Contact data
Location data
Transaction data
Technical data
Profile data
Usage Data

Rights and claims

To enforce or apply our Website terms of use, our policy terms and conditions, or other contracts. To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with. We may use the following personal data:

We may use the following personal data:

Identity data
Contact data
Transaction data
Technical data
Profile data
Usage Data

Data subject rights

Verifying your identity when you exercise your data subject rights. Fulfilling data subject rights requests. We may use the following personal data:

Identity data
Contact data
Location data
Transaction data
Technical data
Profile data
Usage Data

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation or group restructuring exercise.

Legal obligations

We may use your Personal Data to comply with laws (for example, if we are required to co-operate with a police investigation after a court order orders us to).

Legal requirement

The processing is necessary for compliance with legal obligations, such as but not limited to healthcare requirements, security requirements and accounting requirements.

To comply with applicable law, for example in response to a request from a court or regulatory body, where such request is made in accordance with the law.

Criminal activity

To detect fraudulent or criminal activity, we may share information with forces such as the police.

Consent

We may have to get your consent to use your Personal Data, such as when we collect and use Special Category Personal Data about you or when we want to send you marketing.

We will get your consent before sending third-party direct marketing communications to you via email or text message or before processing any Personal Data relating to your health.

Wherever consent is the only reason for using your Personal Data, you have the right to change your mind and/or withdraw your consent at any time by clicking the Unsubscribe button at the bottom of an applicable email or by withdrawing your consent here.

Marketing

To measure and analyse the effectiveness of the advertising we serve you.

We may collect IP addresses and store Cookies on visitors’ devices.

Sending third-party direct marketing communications to you via email, letters or phone calls.

To participate in Focus groups (in person or online), one to one interview (in person or online), online communities, customer observation / diaries (online platform), online surveys, face to face surveys, telephone surveys.

We may use the following personal data, depending on what you consent to:

Identity data
Contact data
Location data
Transaction data
Technical Data
Profile data
Marketing and communications data
Usage data
Candidate Data
Aggregated Data

Special Category Personal Data

We will get your express consent for collecting and processing Special Category Personal Data.

We will not usually collect Special category Personal data, however if we do we must, in addition to the Lawful Basis in the Lawful Basis table, process your Special Category Personal Data because of an additional condition, including You have given us your explicit consent to process that data or you have made the data manifestly public.

Commonly we will process that data on your express consent.

For more information about us using your Special Category Personal Data, please see the Special Category Personal Data table below or contact us. The ICO has some useful information here.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the Lawful Basis that allows us to do so.

Using Personal Data for marketing purposes

We may use your information to provide you with details about services.

Where we are legally required to obtain your consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you.

You can opt out of us using your personal information for marketing purposes by following the unsubscribe link included in each marketing email or by contacting us via email

We may share your personal information with the following organisations that help us manage our business and deliver our products, applications, or services, or where we are legally obliged to share information, including with:

Business partners, our employees, contractors, consultants, agents and professional advisors.
Insurance providers.
Third parties carrying out services on our behalf, including billing, sales, marketing agencies, analytics, research, university research, data storage, validation, security, fraud prevention and legal services couriers, IT systems or software providers, IT support service providers, and document and data storage providers.
Third-party service providers to assist us with client insight analytics, such as Google Analytics;
Third-party platforms to manage and deliver customer relationship management (CRM) and to facilitate online focus groups, online community and other methods of participating in market research.
Third parties in the event of any merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our assets (including without limitation in connection with any bankruptcy or similar proceedings).
Other organisations for the purposes of fraud/crime protection and investigation.
Courts of law and government, regulatory authorities or third parties to the extent required by law, court order or a decision rendered by a competent public authority and for the purpose of law enforcement; or
Other third parties subject to your consent.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law.

We will keep your Personal Data in line with our data retention policy for no longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties that have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

You should be aware that information about your use of this website (including your IP address) may be retained by your ISP (Internet Service Provider), the hosting provider and any third party that has access to your Internet traffic.

Our Website may contain links to third-party websites and plugins. If you choose to use these websites, plugins, or services, you may disclose your information to those third parties.

We are not responsible for the content or practices of those websites, plugins, or services. The collection use and disclosure of your Personal Data will be subject to the privacy notices of these third parties and not this Privacy Notice. We urge you to read the privacy and cookie notices of the relevant third parties.

We use Cookies and similar technologies like pixels, tags, and other identifiers to remember your preferences, to understand how our website is used, and to customise our marketing offerings.

Further details can be found in our Cookie Notice.

For more information on how we use cookies, please read our cookie policy.

Please note that we may send personal information outside of the EEA and/or UK generally for, but not limited to, reasons relating to processing and storage by our service providers. For example, we may have Cloud storage providers with data storage facilities in the US, Canada or other countries.

When we do this, we will ensure it has an appropriate level of protection and the transfer is made in line with Data Protection Law. Often, this protection is set out under a contract with the organisation that receives that information. You can find more details of the protection given to your information when it is transferred overseas by contacting us.

You have several rights under Data Protection Law. The rights available to you depend on our reason for processing your information and are set out in the table below. Information on your rights under Data Protection Law can also be found at https://ico.org.uk/for-the-public/.

Table of your rights

YOUR RIGHTS	DETAILS
Right to be informed	We have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal information and our use of it. We have written this notice to do just that, but if you have any questions or require more specific information, you can contact us to exercise this right.
Right of access	You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information. When you request this data, this is known as making a data subject access request (DSAR). In most cases, this will be free of charge; however, in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee.
Right to rectification	You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Right to erasure	You have the right to ask us to erase your personal information in certain circumstances. We have the right to refuse to comply with a request for erasure if we are processing the Personal Data for one of the following reasons: To exercise the right of freedom of expression and information. To comply with a legal obligation. To perform a task in the public interest or exercise official authority. For archiving purposes in the public interest, scientific research, historical research or statistical purposes. For the exercise or defence of legal claims.
Right to restriction of processing	You may ask us to stop processing your Personal Data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing: The accuracy of the Personal Data is contested. Processing of the Personal Data is unlawful. We no longer need the Personal Data for processing, but the Personal Data is required for part of a legal process. The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
Right to object to processing	You have the right to object to processing in certain circumstances. You can also object if the processing is for a task carried out in the public interest, the exercise of official authority vested in you, or your legitimate interests (or those of a third party).
Right to data portability	This right only applies if we are processing information based on your consent or for the performance of a contract and the processing is automated.

In most circumstances, you do not need to pay any charge for exercising your rights. We have one month to respond to you.

If you are accessing our website from the UK and wish to exercise your rights or get more information about exercising them, please contact us, giving us enough information to identify you.

If you are accessing our website from within the EU, please contact Inse-Com at [email protected] to exercise your rights.

We hope that we can resolve any query or concern you raise about our use of your information. Please contact us first and title your email “Complaint“. All complaints will be treated in a confidential manner, and we will try our best to deal with your concerns.

You have the right to lodge a complaint with a supervisory authority in the EEA member state where you work or normally live, or where any alleged infringement of Data Protection Law occurred.

The supervisory authority in the UK is the ICO, which may be contacted at https://ico.org.uk/concerns or by telephone on + 44 (0) 303 123 1113.

The supervisory authority for the Republic of Ireland is the Data Protection Commission, which may be contacted by telephone on +353 (0) 1 7650100 / 1800437 737.

Please see this list for all other supervisory authority in the other EEA member states.

Consent	The UK GDPR and EU GDPR set a high standard for consent, consent should be given by a clear affirmative act establishing a freely given, specific, informed, and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. What are the GDPR consent requirements? – GDPR.eu Consent \| ICO Art. 7 GDPR – Conditions for consent – GDPR.eu Recital 43 – Freely given consent – GDPR.eu
Controller	means the natural or legal person, public authority, agency or any other entity or person who alone or jointly with others determines the purposes and means of the processing of personal data. Our entry as a Controller on the ICO‘s Data protection register can be found here.
Cookies	means a small file of letters and numbers that is stored on a browser or the hard drive of a computer. Cookies contain information that is transferred to a computer’s hard drive. Controllers must have users’ informed consent before storing cookies on a user’ device and/or tracking them. For more information, please read our cookie notice. The ICO provides information about cookies here.
DPA 2018	UK Data Protection Act 2018 Data Protection Act 2018 (legislation.gov.uk)
Data Protection Law	means all applicable data protection and privacy legislation in force from time to time including the UK GDPR and the EU GDPR, the Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003 No. 2426) as amended, and any other legislation relating to personal data and all other legislation and regulatory requirements in force from time to time that apply to the use of personal data.
EU Representative	the GDPR requires organisations not established in the EU to appoint a representative in an EU member state (or the EEA), if (i) it is apparent that the organisation intends to offer goods or services to individuals in the EU or (ii) it monitors the behaviour of individuals in the EU (or the EEA).
EU GDPR	means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing the Directive. General Data Protection Regulation (GDPR) – Official Legal Text (gdpr-info.eu)
ICO	means the Information Commissioner’s Office, the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Home \| ICO
Information Security Risks	comprises the impacts on individuals or organisations that could occur due to the threats and vulnerabilities associated with the operation and use of information systems and the environments in which those systems operate. 10 risks to include in an information security risk assessment (vigilantsoftware.co.uk) Security \| ICO Art. 32 GDPR – Security of processing – GDPR.eu
Lawful Basis	under the EU GDPR and the UK GDPR, you must have a valid lawful basis to process personal data. Lawful Basis of processing personal data There are six lawful bases for processing personal data available: Consent: the individual has given clear consent to the processing of their personal data for a specific purpose. Contract: the processing is necessary for a contract, or because specific steps have been taken before entering into a contract. Legal obligation: the processing is necessary for compliance with the law (not including contractual obligations). Vital interests: the processing is necessary to protect someone’s life. Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law. Legitimate interests: the processing is necessary for an organisation’s legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests. (This cannot apply if an organisation is a public authority processing data to perform its official tasks.) For more information Lawful basis for processing \| ICO Art. 6 GDPR – Lawfulness of processing GDPR: lawful bases for processing, with examples – IT Governance UK Blog Special category data Special category data is personal data that needs more protection because it is sensitive. In order to lawfully process special category data, you must identify both a lawful basis under Article 6 of the UK GDPR and the EU GDPR and a separate condition for processing under Article 9. These do not have to be linked.
Legitimate Interests Assessment (LIA)	is a form of risk assessment and should be conducted by an organisation when your personal data processing is based on legitimate interest. The LIA is split into three steps: Assessing whether a legitimate interest exists. Establishing the necessity for processing. Performing the balancing test. Legitimate interest assessment (LIA) \| ICO
Personal Data	this is also referred to as “personal information” and it means any information relating to an identified or identifiable natural person (‘data subject‘); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal Data Breach	means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed Personal data breaches \| ICO Art. 33 GDPR – Notification of a personal data breach to the supervisory authority – GDPR.eu
Privacy Notice	(also sometimes called a privacy policy or fair processing notice) is a public document from an organisation that explains how that organisation processes personal data and how it applies data protection principles under Articles 12, 13 and 14 of the EU GDPR and the UK GDPR.
Special Category Personal Data	some of the personal data that organisations process is more sensitive and needs higher protection. Under the GDPR, this is known as ‘*special categories of personal data*‘, and includes information about a person’s: Race Ethnicity Political views Religion, spiritual or philosophical beliefs Biometric data for ID purposes Health data Sex life data Sexual orientation Genetic data In order to lawfully process special category personal data, we must identify both a lawful basis under Article 6 of the UK GDPR and the EU GDPR and a separate condition for processing under Article 9. These do not have to be linked. There are ten conditions for processing special category data in Article 9 of the UK GDPR. Five of these require us to meet additional conditions and safeguards set out in UK law, in Schedule 1 of the DPA 2018.
Special Category Personal Data Conditions for Processing	the conditions for processing special category data: Explicit consent Employment, social security and social protection (if authorised by law) Vital interests Not-for-profit bodies Made public by the data subject Legal claims or judicial acts Reasons of substantial public interest (with a basis in law) Health or social care (with a basis in law) Public health (with a basis in law) Archiving, research and statistics (with a basis in law) Art. 9 GDPR – Processing of special categories of personal data – GDPR.eu Special category data \| ICO GDPR \| Personal Data vs Sensitive Data: What’s the Difference? (itgovernance.co.uk)
Supervisory Authorities	means the data protection authority tasked with supervising GDPR compliance in each member state of the European Union. What are Data Protection Authorities (DPAs)? \| European Commission (europa.eu)
UK GDPR	means the GDPR as transposed into United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018, together with the DPA 2018, the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, and other data protection or privacy legislation in force from time to time in the United Kingdom. The UK GDPR \| ICO
Website	Polaris UK Ltd and including all subdomains thereof, present and future.

Cookie	Duration	Description
__Secure-BUCKET	6 Months	The __Secure-BUCKET cookie is an HTTP cookie used by Google Translate.
AEC	180 Days	Cookie used by Google to ensure that requests within a browsing session are made by the user, and not by other sites.
Cli_user_preference	1 Year	Used to store a user's consent to use cookies on a website.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
Li_gc	6 Months	Used by LinkedIn to store a user's cookie consent preferences.
Lidc	1 Day	A cookie used by LinkedIn to help select the right data center for a user's activity.
NID	183 Days	Cookie set by Google to provide ad delivery or retargeting, store user preferences.
rc::a	Session	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on its use.
rc::c	Session	This cookie is used to distinguish between humans and bots.
SOCS	395 Days	Cookie used by Google to store a user’s state regarding their cookies choices.
Test_cookie	Session	A cookie that determines if a user's browser supports cookies. Set by doubleclick.net.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wp-settings-time	363 days	Cookie set by the WordPress CMS. Used to customize user’s view of site interface.
wpEmojiSettingsSupports	Session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user’s browser can display emojis properly.
XSRF-TOKEN	15 hours	This cookie is set by Wix and is used for security purposes.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_ga_8EF0NVDGJH	2 years	This cookie is installed by Google Analytics.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjCachedUserAttributes	Session	This cookie stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. Collected attributes will only be saved to Hotjar servers if the user interacts with a Hotjar Feedback tool, but the cookie will be used regardless of whether a Feedback tool is present.
_hjClosedSurveyInvites	1 year	Hotjar cookie that is set once a user interacts with an External Link Survey invitation modal. It is used to ensure that the same invite does not reappear if it has already been shown.
_hjDonePolls	1 year	Hotjar cookie that is set once a user completes a survey using the On-site Survey widget. It is used to ensure that the same survey does not reappear if it has already been filled in.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjid	365 days	Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_hjKB	1 year	Records the status of the survey pop-up.
_hjLocalStorageTest	Under 100ms	This cookie is used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created.
_hjMinimizedPolls	1 year	Hotjar cookie that is set once a user minimizes an On-site Survey widget. It is used to ensure that the widget stays minimized when the user navigates through your site.
_hjRecordingEnabled	never	Hotjar sets this cookie when a Recording starts and is read when the recording module is initialized, to see if the user is already in a recording in a particular session.
_hjRecordingLastActivity	never	Hotjar sets this cookie when a user recording starts and when data is sent through the WebSocket.
_hjSession{site_id}	30 minutes	A cookie that holds the current session data. This ensues that subsequent requests within the session window will be attributed to the same Hotjar session.
_hjSessionRejected	Session	If present, this cookie will be set to ‘1’ for the duration of a user’s session, if Hotjar rejected the session from connecting to our WebSocket due to server overload. This cookie is only applied in extremely rare situations to prevent severe performance issues.
_hjSessionResumed	Session	A cookie that is set when a session/recording is reconnected to Hotjar servers after a break in connection.
_hjSessionTooLarge	Session	Causes Hotjar to stop collecting data if a session becomes too large. This is determined automatically by a signal from the WebSocket server if the session size exceeds the limit.
_hjSessionUser{site_id}	365 days	Hotjar cookie that is set when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
_hjUserAttributesHash	Session	User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated.
_hjViewportId	Session	This stores information about the user viewport such as size and dimensions.
hjShownFeedbackMessage	365 days	Hotjar cookie that is set when a user minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if the user navigates to another page where it is set to show.
pardot	Session	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website.

Cookie	Duration	Description
_gcl_au	3 Months	Set by Google Ads to track and measure the performance of advertising campaigns.
_hjIncludedInSessionSample_2783668	2 minutes	Description is currently not available.
_hjSession_2783668	30 minutes	A cookie that holds the current session data. This ensues that subsequent requests within the session window will be attributed to the same Hotjar session.
_hjSessionUser_2783668	1 year	Hotjar cookie that is set when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
Ar_debug	Session	Used by Google Ad Services to debug ads and generate transitional debugging reports.
Bcookie	1 Year	Used by the social networking service, LinkedIn, for tracking the use of embedded services.
hubaccesstoken	Session	Records a logged in user’s access token via the Hub system.
IDE	1 Year 1 Month	Used by Google DoubleClick to personalize ads and retarget users across the web.
lpv883703	30 minutes	This LPV cookie is set to keep Pardot from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.
podaccesstoken	Session	Records a logged in user’s access status to the POD system.
polaris_session	15 hours	Cookie set upon initiation of the user’s current session on the Polaris site.
visitor_id883703	10 years	The visitor cookie includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code
visitor_id883703-hash	10 years	The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from Pardot and access corresponding prospect information.

Privacy Notice

How to use this Privacy Notice

Introduction – please read me

Who are we?

Our EU representative

The information that we collect from you

Identity data

Contact data

Location data

Transaction data

Technical data

Profile data

Usage data

Candidate data

Marketing and communications data

Special Category Personal Data

How we get your Personal Data

How and why we use your personal data

LAWFUL BASIS

PURPOSE EXAMPLES

Contractual

Onboarding

Service delivery

Account administration

Relationship management

Communication

Legitimate interest

Managing our business

Provide and maintain our Websites

Recommendations and marketing

Recruitment of candidates (contractors, employees and providers)

Reviews

Data analytics

Rights and claims

Data subject rights

Legal obligations

Legal requirement

Criminal activity

Consent

Marketing

Special Category Personal Data

Special Category Personal Data

Using your data for other reasons

Marketing and Advertising

Using Personal Data for marketing purposes

How we may share your personal data

How long will we retain your personal data?

Security

Links to other websites

Use of cookies

Data transfers

Your rights in relation to your personal data

Table of your rights

YOUR RIGHTS

DETAILS

Right to be informed

Right of access

Right to rectification

Right to erasure

Right to restriction of processing

Right to object to processing

Right to data portability

How to exercise your rights

How you can complain to or about us

Glossary

Consent

Controller

Cookies

DPA 2018

Data Protection Law

EU Representative

EU GDPR

ICO

Information Security Risks

Lawful Basis

Lawful Basis of processing personal data

For more information

Special category data

Legitimate Interests Assessment (LIA)

Personal Data