#### About this privacy notice At Guru Systems Ltd, we respect your privacy and are committed to protecting your personal data. This ‘privacy notice’ explains, amongst other things, how and why we collect, store, use and share personal data and your rights to control our use of it. It applies not just to visitors to our website, but also personal data that we process through other interactions with individuals in the course of running our business and delivering our services, such as potential or existing clients, industry contacts, people interested in working for or with us and our suppliers. We maintain separate privacy notices that will apply if we engage with you as an employee or contractor, or if you create an account on our mobile app. #### Some information about us as data controller This privacy notice is for **Guru Systems Ltd** (referred to as "**Guru**", "we", "us" or "our" in this privacy notice). We are a company registered in England and Wales under company number 08172055 whose registered office is at Unit 05.G01 The Leather Market 11-13 Weston Street, Bermondsey, London, England, SE1 3ER. We collect, use and are responsible for certain personal data. When we do so we are regulated under data protection laws and we are responsible as “data controller” of that personal information for the purposes of the law. We can be contacted via our representative Nicky Butterworth, Chief Operations Officer via email on nicky.butterworth@gurusystems.com or call +44 (0) 20 8050 4300. #### Types of personal data obtained, purposes and legal basis Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We collect and use personal data from different categories of individuals for different purposes and these each have a different 'lawful basis'. This section describes the lawful basis and purposes in detail and, although it’s technical, we’re required by law to explain this to you. The lawful basis for processing your personal information will typically be one of the following: - Your consent; - Performance of a contract with you or a relevant party; - Our legitimate business interests in operating our business; or - Compliance with our legal obligations. **If you fill in a form on our website to contact us or download a document**: we will store the data you enter (usually name, contact details, message) for the purposes of responding to your enquiry and business development. We do this on the basis that it is necessary for our legitimate interests in operating and promoting our business. We store your data for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see above). **If you receive our email updates**: we will hold your email address for the purpose of sending you updates and news and occasionally inviting you to events that we think you will find interesting. We process this data on the basis that we have your consent. You can withdraw your consent at any time by using the “unsubscribe” links at the bottom of each email. **If you hold an account on the Guru platform**: we will hold your name and email address for the purpose of providing you with secure access to your account. We do this on the basis that it is necessary for our legitimate interests in operating our data platform for clients. You or your employer will have provided these details through the account creation process. If you want to update your details or if you no longer require your account or want us to delete your data, please email us (see above). We will hold your information until you or we delete your account. **If you work for one of our clients or a partner organisation or if you are an industry contact**: we may hold your name, company, job title and contact details. We will have been provided with this data either by you or your employer or in some cases we may have sourced it from publicly available sources, such as Linked In and internet searches. We need this data in order to interact with you (or your employer) for the purposes of performing services for clients and communicating with relevant people. We do this on the basis that is it necessary for our legitimate interests in operating and growing our business. We will hold your details for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see above). **If you are a supplier or work for a supplier**: we may hold your name and contact details in order to interact with you or your employer to procure and pay for goods and services. We do this on the basis that it is necessary for our legitimate interests in doing business with you or your company. We will hold this information for as long as we need to interact with you for these purposes. In all cases if you would like us to update or delete your information, please send us an email (see above). **If you submit an application to join us, whether as an employee or contractor**: we will hold any personal information you provide to us (via our website or other methods), or that is sent to us by a third-party recruitment agency or website. This is likely to be your name, contact details and CV. We will use this information for the purpose of communicating with you and evaluating your application. We do this on the basis that it is necessary for our legitimate interests in recruiting talented people to operate our business. We will hold this information for as long as we need to interact with you for these purposes and the data of unsuccessful candidates will normally be deleted no more than 12 months after a decision is made. In all cases if you would like us to update or delete your information, please send us an email (see above). #### Cookies and similar technologies If you visit our website, we may store information relating to you using cookies or similar technologies, which we can access when you visit our site in future. Generally, the cookies used do include information from which you can be identified as an individual. For more information on our use of cookies and how to control them see our [Cookie Policy](https://www.gurusystems.com/cookie-policy/). #### Retention of personal data We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, taking into account applicable data protection laws, retention periods under applicable laws, limitation periods and our business needs. #### Sharing your personal data We may share your personal data with the following third parties in certain circumstances: - IT and system administration service providers acting as data processors (see below) who provide services or - cloud-based software to enable us to operate our organisation. - Professional advisers such as lawyers, bankers, accountants or auditors in order to provide legal, finance, - accounting or auditing services. - Law enforcement or other authorities (such as tax authorities) if required by applicable law. If you attend one of our events, the name and company of attendees are usually shared with the event speakers, any third-party event hosts and may be shared with other attendees. This is done to share knowledge and enable access to the venue. We reserve the right to disclose your information to a third party as part of a merger or transfer, acquisition or sale, or in the event of a bankruptcy. In such cases, we will require the relevant third parties to provide comparable levels of protection as we provide with respect to the information we share. **Data processors**: We use a number of different service providers (acting as ‘data processors’) who provide IT and system administration services to enable us to operate our organisation and the services we provide. Your personal data is transferred to (and stored by) these data processors, who generally fall under the following categories: - Website analytics - Website and data hosting - IT and system administration - Document storage - Email, contacts and calendar - CRM, accounting and billing - Engineering and metering - Industry data collection and aggregation These ‘data processors’ only process data on our behalf. They won’t use your personal data for their own purposes and we only permit them to use it in accordance with our instructions, our contract with them and the law. For security reasons we do not name all our service providers in this privacy notice. Please contact us (see below) if you want further information on specific data processors or the types of personal data they process for us. #### International transfers of personal data We do not directly transfer any of your personal data outside the UK or the European Economic Area (EEA). However, some of our data processors may do so and this section explains the impact of these international transfers and how your information is protected. Many of our data processors operate “cloud-based systems”, which means the information is held in information data centres in different locations. In some cases, they hold copies of your personal information outside the UK/EEA. In each such case our processors and/or we employ one or more of the transfer safeguard mechanisms designated by data protection legislation, which are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse. Please contact us (see above) if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the UK/EEA. #### Your personal data rights The personal data we hold about you is ***your*** data, and you have certain rights over the data under applicable data protection laws. This section summarises the rights you have where your personal data is protected under UK data protection legislation. - You have the right to **request a copy** of all personal data we hold relating to you. You also have the right to require us to **correct** any mistakes in the personal data we hold relating to you. - Where we are processing your data based on your **consent** you can **withdraw that consent** and we must immediately stop processing your data. - Where we process your data based on a “**legitimate interest**” (underlined in the section on “purpose and lawful basis”, above) you still have the **right to object** to our processing of that data if you feel it impacts on your fundamental rights and freedoms. - You also have the **right to object** where we are processing your personal data for direct marketing purposes. The easiest way to do this is to use the unsubscribe links at the bottom of all marketing emails. - In certain situations, you have the right to require us to **erase** personal data where there is no good reason for us continuing to process it, or to request **restriction of processing** of your personal data. - Finally, you have the right to request the **transfer** of your personal data to you or a third party in a structured, commonly used, machine-readable format in certain circumstances. For further information on each of these rights, including the circumstances in which they apply, see the [Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation](http://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/). If you would like to exercise any of these rights, the easiest way is by dropping us an email (see above). #### Automated decision-making using personal data You have a right to object to any decisions being taken through the processing of your personal data by automated means if they produce legal effects concerning you or similarly significant effects on you. We can confirm that we do not undertake any automated decision-making, or profiling, based on the processing of personal data. #### Keeping your personal information secure We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. #### Your rights to lodge a complaint with the Regulator At all times, you have the right to report a concern or lodge a complaint with the Information Commissioner’s Office. Please refer to the ICO at [https://ico.org.uk/concerns/](https://ico.org.uk/concerns/) or by calling them on 0303 123 1113. Of course, we hope that we can resolve your issue quickly and fairly ourselves. #### Changes to this privacy notice We may change this privacy notice from time to time by amending this page.