Privacy Notice

Introduction

This Privacy Notice applies to personal data that is collected and/or used by AnotherDay, and its affiliates and subsidiaries (collectively, “we”, “our,” “us,” or “AnotherDay”). A full list of affiliates and subsidiaries is available here.  We collect and/or use your personal data in the capacity of controller, which means we decide how to process your personal data and have certain responsibilities in relation to your personal data. Personal data means any information that is directly or indirectly related to you.

In this Privacy Notice, we identify the personal data that we collect about you and how we use that data. This Privacy Notice applies to any personal data you provide to AnotherDay and any personal data we collect from other sources, unless you are provided a more specific privacy statement at the time of data collection. This Privacy Notice does not apply to any third-party websites, applications or portals (“Sites”) linked to AnotherDay’s Sites, or to any AnotherDay Sites that have their own privacy notices. If you provide personal data to us about other people, you must provide them with a copy of this Privacy Notice and obtain any consent required for the processing of that person's data in accordance with this Privacy Notice.

If you have any questions about this Privacy Notice, please contact us using the details set out in the Contact Us section. When using our Sites, you should read this Privacy Notice alongside the Site’s Terms of Use.

When AnotherDay provides services to clients, we sometimes process personal data as a processor. This means that our processing activities are solely undertaken on the instructions of our clients, who determine the purposes and means of processing and exercise overall control of your data. If you have any questions or wish to exercise your rights relating to your personal data when this is the case, it may be necessary for you to contact the client on whose behalf the processing of your personal data is carried out. If we receive a request from you relating to personal data for which a client is the controller, we will pass the request to the appropriate client to the extent permitted by law.

In this Privacy Notice, the term "Data Protection Legislation" means all applicable legislation relating to privacy or data protection in force from time to time. Please note that some privacy rights and obligations may differ in certain locations based on applicable Data Protection Legislation.

The following sections will guide you through our practices for the collection, usage, disclosure and retention of your personal data:

  • Who the privacy notice applies to
  • How we collect your personal data
  • Personal data we process
  • How we use your personal data
  • Automated decision making and profiling
  • Sharing your personal data
  • How we protect your personal data
  • How we protect your personal data when sending it internationally
  • Marketing activities
  • How long we keep your personal data
  • Your rights in relation to your personal data
  • Contacting us
  • Updates to this Privacy Notice

Who the privacy notice applies to

This Privacy Notice provides information for those individuals whose personal data we process, including:

  • Users of our Sites.
  • Individuals with whom we may have a business relationship: such as employees or other representatives of our clients, suppliers, professional advisors, service providers, conference attendees, those requesting or receiving our marketing information, making general inquiries, entering competitions or promotions, visitors to our offices, government officials and authorities.
  • Any individuals whose data we process in the course of the services we provide to our clients: AnotherDay's services include due diligence, threat intelligence monitoring and reporting, investigations in support of potential and ongoing legal proceedings, and risk consulting.

References to "you" and "your" are references to users of AnotherDay’s Sites, any individuals with whom we may have a business relationship or any other individual whose data we process in the course of the services we provide to our clients (as applicable).

How we collect your personal data

We collect your personal data in a number of ways, which vary based on how you interact with us and as allowed by applicable Data Protection Legislation. The following summarises our various collection points:

Information you give to us

We collect and process personal data directly from you or which we gather about you during the course of your relationship with AnotherDay, such as when you contact us through one of the methods set out on our Sites or any other communication between us during the course of our relationship. We also collect and process personal data you provide if you report a problem with our Sites or if you respond to a survey or participate in a live event or market research.

Information we automatically collect about you

Each time you use AnotherDay’s Sites, we will automatically collect certain technical personal data, such as data related to your device, including your IP address used to connect your device to the internet.

We also automatically collect certain types of personal data by using cookies, server logs and other similar technologies. There are more details on this in our Cookie Policy.

Information we collect about you during the provision of our services

For the most part, we act as a processor on behalf of our clients for such processing activities, and you may obtain information about this processing from those clients directly. Where we act as a controller in the provision of our services, we collect information directly (for example, by undertaking surveillance activity or through source enquiries with suitable individuals). We may also obtain this information from third party sources (such as information about you provided by our clients or by our sub-contractors who are involved in gathering the information), or from publicly or commercially available sources (including, but not limited to, general internet searches, news sites and aggregators, databases and online forums, specialist databases, social media information, records and databases issued by public authorities, corporate filings, court records, data brokers or data aggregators and dark web searches).

Where we obtain this information from third parties, we will always seek to confirm that the third party has provided transparent information about its use of this data.  

Individuals whose personal data is processed during the course of our client services have the same rights as all other data subjects and personal data processed in this manner is subject to the same safeguards as set out in applicable Data Protection Legislation and this Privacy Notice. Please see above for details, and the Contact Us section below for details of how to exercise your rights.

Personal data we process

We process the following types of personal data depending on the purpose of your interaction with us and as allowed by applicable Data Protection Legislation:

Users of our Sites
Communication Data
Personal data that you provide to us when you contact us, such as your name, contact details (home address, email address and telephone number), details of your query and any extra information that you choose to provide to us.
Device and Web Data
Such as online identifiers (including IP address), device information and information about your visit to our Site (including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.
Individuals with whom AnotherDay has a business relationship
Business Contact Data
Such as your name, work contact details, proof of identity and proof of address (for KYC purposes) and any other details that you may choose to provide to us.
Business Financial Data
Such as bank account information.
Security and Monitoring Data
Such as images of you that are captured on CCTV systems.
Other individuals whose  data we process in the course of the services we provide to our clients
Identity Data
Such as your name, identification numbers (for example government identification number, passport number, tax identification number or driving licence number), age, date of birth, gender and marital status.
Contact Data
Such as your home address, personal email address and telephone number.
Employment or Business Data
Such as your employment history, job titles, location of employment and information relating to your remuneration, directorships and shareholdings.
Lifestyle Data
Such as location details, relationship details, family and dependents details, social media activity, social media handles, car registration details, asset ownership, financial information, spoken or written quotes, role in notable events.

In addition, this may include special categories of personal data, such as information about your race, ethnicity, religious or philosophical beliefs, sexual orientation, sex life, political opinions, physical or mental health or trade union membership.
Images
Such as images, videos and audio recordings of you that are captured as part of our surveillance activities.
Criminal Data
Such as criminal convictions data.
Other Data
Other identifiers obtained as part of our dark web and open-source searches.

Under Data Protection Legislation, "special categories of personal data" means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a person's sex life or sexual orientation. Some of the personal data that AnotherDay holds about you (such as some categories of Lifestyle Data listed above) is deemed to be special categories of personal data under Data Protection Legislation. AnotherDay will usually only process these special categories of data where it is necessary in relation to a particular client instruction.

How we use your personal data

Applicable Data Protection Legislation may require that when we process your personal data, we are required to inform you of the purpose of processing, and the legal basis relied upon to process your personal data. This table sets out our purposes of processing, the lawful basis of processing we rely on, and the personal data processed for that purpose.

Purpose of processing
Lawful basis of processing
Personal Data
Users of our Sites
To provide you with a safe, smooth, efficient, and  customised experience on our Sites
Our legitimate  interests (to provide, run and administer our Sites)
Communication Data, Device and Web Data
To ensure that the content on our Sites is presented in  the most effective manner for you and your device
Our legitimate  interests (to provide you with content relevant to you in the most optimum  format)
Device and Web Data
To provide you with the information and services that  you request from us
Our legitimate  interests (to run and administer our business, to provide you with  information you have requested or to respond to queries from you)
Communication Data
To administer our Sites and for internal operations,  including troubleshooting, data analysis, testing, research, statistical and  survey purposes
Our legitimate  interests (to run and administer our Sites and to evaluate, develop and  improve our services)
Device and Web Data
As part of our efforts to keep our Sites safe and  secure
Our legitimate  interests (to maintain the security of our Sites)
Device and Web Data
Individuals with whom AnotherDay has a business relationship
To maintain our relationship with you or your employer
Our  legitimate interests (to be able to administer our relationship with individuals  with whom we have a business relationship and for the operation of our  business)
Business Contact Data
To manage our business operations (for example, performing due diligence and background checks, maintaining your account with us, maintaining records, conducting data analytics, surveys, benchmarking and risk modelling)
  • Our legitimate interests (for the operation of our business)
  • Compliance with a legal obligation
Business Contact Data, Business Financial Data
To comply with our legal obligations (for example,  complying with national security or law enforcement requirements, discovery  requests, or where otherwise required or permitted by applicable laws or  regulations, court orders or regulatory authorities) and to exercise or  defend ours, yours or third parties' legal rights
  • Compliance with a legal obligation
  • Our legitimate interests (to exercise or defend legal rights)
Business Contact Data, Business Financial Data
To monitor and prevent fraud or wrongdoing
Our  legitimate interests (to maintain the safety, security, quality and  availability of our services, systems and data and to protect against data  loss, malicious, deceptive or fraudulent activity, and debug or identify and  repair errors that impair existing intended functionality)
Business Contact Data, Business Financial Data
To improve our services
Our  legitimate interests (to evaluate, develop and improve our services, quality,  training, security, technology systems and to improve and develop systems and  algorithms involving machine learning and artificial intelligence)
Business Contact Data
To manage mergers, acquisitions and other business  reorganisations
Our  legitimate interests (in the context of a corporate transactions)
Business Contact Data
To issue or pay invoices
Necessary  for performance of a contract with you
Business Financial Data
To send you communications (e.g.  blog posts, white papers and email marketing)
Consent or our legitimate interests (toc ommunicate and market to you where we do not require your consent)
Business Contact Data
To invite you to an event we  host
Our  legitimate interests (to host events, both business and social focussed, to  generate strategies and solutions within our industry, to build  relationships, and to generate business)
Business Contact Data
Security and monitoring  access to our offices
Our  legitimate interests (to ensure the security of our buildings)
Security and Monitoring Data
Other individuals whose data we process in the course of the services we provide to our clients
To provide a service to clients (e.g. intelligence and due diligence, risk analysis and consulting, investigations or surveillance)
  • Our clients' legitimate interests (to undertake research in order to assess the risks posed by an individual or event to them as an organisation)
  • Our legitimate interests (to meet client requirements and provide clients with the instructed service, for record-keeping purposes)
  • processing undertaken in connection with the vital interests of an individual

With respect to any special category personal data:

  • The personal data has been manifestly made public by the data subject; or
  • Processing is necessary for the establishment, exercise, or defence of legal claims.; or
  • Substantial public interests (assessed on a case-by-case basis)

With respect to any criminal offence personal data:

  • The personal data has been manifestly made public by the data subject; or
  • Processing is necessary for legal claims; or
  • Substantial public interests (assessed on a case-by-case basis)
Identity Data, Contact Data, Employment or Business Data, Lifestyle Data, Images, Criminal Data or Other Data

Automated decision making and profiling

If you are a customer or Site user we use automated decision making and profiling in limited circumstances for the purposes set out above. However, such automated decision-making or profiling will never be used in circumstances where it may have a legal or similarly significant impact on you.

Sharing your personal data

We may share your personal data with the following third parties for the purposes set out in this Privacy Notice:

We require third parties (where applicable) to maintain a comparable level of protection of personal data as set out in this Privacy Notice by the use of contractual requirements or other means. On request and where required by applicable Data Protection Legislation, we will confirm the name of each third party to which your personal data has, or will be, transferred. To the extent permitted by applicable Data Protection Legislation, we disclaim all liability for the use of your personal data by third parties.

How we protect your personal data

We use a range of organisational and technical security measures to protect your personal data, including, but not limited to, the following:

  • Restricted access to those who need to know for the purposes set out in our underlying agreement or this Privacy Notice, and who are subject to confidentiality obligations.
  • Firewalls to block unauthorised traffic to servers.
  • Physical servers located in secure locations and accessible only by authorised personnel.
  • Internal procedures governing the storage, access and disclosure of your personal data.
  • Additional safeguards as may be required by applicable Data Protection Legislation in the country where we process your personal data.

Please note that where we have given you (or you have chosen) a password, you are responsible for keeping the password confidential. Please do not share your password with anyone.

How we protect your personal data when sending it internationally

We operate as a global business and may transmit your personal data across borders, including within AnotherDay’s affiliates and subsidiaries  and to certain third parties, including our partners and service providers. This sharing of data allows us to provide you services as set out in our underlying agreement or as otherwise indicated in this Privacy Notice.

The laws that apply to the country where the data is transferred may not be equivalent to that in your local country (or in the country in which we provide the services). Transfers of personal data will comply with applicable Data Protection Legislation and be subject to suitable safeguards to ensure an adequate level of protection, including, where required, the use of standard contractual clauses approved by the local data protection regulator, that require each party to ensure that the personal data receives an adequate and consistent level of protection. Please contact us using the details provided under the Contact Us section if you would like further information regarding our international transfers and the steps we take to protect your personal data when sending it internationally.

Marketing activities

From time to time, we may provide you with information about our products or services or those of our partners that we think will be of interest to you. We may send you this information by email, LinkedIn, SMS, text, post or we may contact you by telephone. We may also share your personal data with AnotherDay’s affiliates and subsidiaries so that they can provide you with information about their products and services we believe will be of interest to you.  We ensure that our marketing activities comply with all applicable legal requirements. In some cases, this may mean that we ask for your consent in advance of sending you marketing materials.

You can opt out of receiving marketing communications from us at any time. Please use the "unsubscribe" link in our marketing emails to opt out of receiving those emails. Alternatively, please contact us using the details provided under the Contact Us section. In such circumstances, we will continue to send you service-related communications where necessary.

How long we keep your personal data

We keep your personal data for as long as reasonably necessary to fulfil the purposes for which it was collected, as set out in this Privacy Notice, based on our business needs and legal requirements.

When we no longer need your personal data, we de-identify or aggregate the data or securely destroy it based on our retention policy.  Please note that de-identified or aggregated data is not treated as personal data under this Privacy Notice and may be used for analytics purposes.

We have a detailed retention policy that governs how long we hold different types of information. Please contact us using the details provided under the Contact Us section for further information regarding how long we keep your personal data.

Your rights in relation to your personal data

You have certain rights in respect to the personal data we hold about you, subject to permitted exemptions. These include:

Right to access your personal data

You have a right to ask us for copies of your personal data and certain details of how we use it.

Right to rectification

You have a right to ask us to amend or update your personal data if you believe the personal data we hold about you is inaccurate or incomplete.

Right to erasure

You have a right to ask us to erase your personal data in certain circumstances, such as where you withdraw consent or where the personal data we collected is no longer necessary for the original purpose. This will be balanced against other factors. For example, we may have regulatory and/or legal obligations which limit our ability to comply with your request.

Right to restriction of processing

You have a right to restrict the processing of your personal data in certain circumstances, such as where you think we have processed your personal data unlawfully or where you think that the personal data we hold about you may be inaccurate.

Right to data portability

You have a right to ask that we transfer personal data that you have given us to you or another organisation in certain circumstances.

Right to object to processing, including marketing

You have a right to object to your personal data being processed if we process your personal data in our legitimate interest. You may also ask us to stop sending you direct marketing messages and using your personal data for direct marketing purposes at any time.

Rights related to automated decision-making

You have a right to ask not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similar effects.

Right to withdraw consent

We will ask for your consent for certain uses of your personal data. Where we do this, you have the right to withdraw your consent to further use of your personal data.

Right to complain

You have the right to contact us if you have any concerns with how we use your personal data and we will do our best to resolve your concerns. You may also have a right to complain to the local data protection regulator if you believe that our use of your personal data is in breach of applicable Data Protection Legislation.  For example, in the UK, the relevant regulator is the Information Commissioner’s Office (ICO) and its contact details are available here: https://ico.org.uk/make-a-complaint/. Exercising this right will not affect any other legal rights or remedies you have.

You can exercise your rights by contacting us using the details provided in the Contact Us section.  We will usually not charge you for processing these requests. There may be cases where we are unable to comply with your request (e.g., via a permitted exemption or where the request would conflict with our obligation to comply with other legal requirements). We will tell you the reason if we cannot comply with your request and we will always respond to any request you make.

Contacting us

You can contact us if you have any questions about how we collect, process or use your personal data or if you wish to exercise any of your rights with respect to your personal data. To assist in providing you with an accurate response, please let us know that your question relates to AnotherDay.

Address:
Data Protection Office
The Walbrook Building
25 Walbrook
London EC4N 8AW

Email: DPO@ajg.com

Updates to this privacy notice

We may update this Privacy Notice from time to time. When we make updates, we will post the current version on our Sites and will revise the version date located at the bottom of the Privacy Notice. We encourage you to review this Privacy Notice periodically so that you will be aware of our current privacy practices.

Updated: 03/01/2024