Privacy policy

    1. The privacy of our website visitors is very important to us, and we are committed to safeguarding it. This policy explains what we will do with your personal information.

    2. Consenting to our use of cookies in accordance with the terms of this policy when you first visit our website permits us to use cookies every time you visit our website.

  • The following types of personal information may be collected, stored, and used:

    1. information about your computer including your IP address, geographical location, browser type and version, and operating system;

    2. information about your visits to and use of this website including the referral source, length of visit, page views, and website navigation paths;

    3. information, such as your email address, that you enter when you register with our website;

    4. information, such as your name and email address, that you enter in order to set up subscriptions to our emails and/or newsletters;

    5. information that you enter while using the services on our website;

    6. information that is generated while using our website, including when, how often, and under what circumstances you use it;

    7. information contained in any communications that you send to us by email or through our website, including its communication content and metadata;

    8. any other personal information that you send to us.

    Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy

  • Personal information submitted to us through our website will be used for the purposes specified in this policy or on the relevant pages of the website. We may use your personal information for the following:

    1. administering our website and business;

    2. personalizing our website for you;

    3. supplying services purchased through our website;

    4. sending you non-marketing commercial communications;

    5. sending you email notifications that you have specifically requested;

    6. sending you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter);

    7. sending you marketing communications relating to our business

    8. dealing with inquiries and complaints made by or about you relating to our website;

    9. keeping our website secure and prevent fraud;

    10. other uses.

    If you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.

    Your privacy settings can be used to limit the publication of your information on our website and can be adjusted using privacy controls on the website.

    We will not, without your express consent, supply your personal information to any third party for their or any other third party’s direct marketing.

  • We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers, or subcontractors as reasonably necessary for the purposes set out in this policy.

    We may disclose your personal information:

    1. to the extent that we are required to do so by law;

    2. in connection with any ongoing or prospective legal proceedings;

    3. in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);

    4. to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and

    5. to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

    Except as provided in this policy, we will not provide your personal information to third parties.

  • This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations regarding the retention and deletion of personal information.

    Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

    We will usually delete personal data falling within the categories set out below at the date/time set out below:

    1. personal data type will be deleted 16:00 04.01

    Not withstanding the other provisions of this section, we will retain documents (including electronic documents) containing personal data:

    1. to the extent that we are required to do so by law;

    2. if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and

    3. in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

  • We will take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information.

    We will store all the personal information you provide on our secure servers.

    You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

  • We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you understand any changes to this policy. We may notify you of changes to this policy by email or through the private messaging system on our website.

  • You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to the supply of appropriate evidence of your identity (we will usually accept a photocopy of your passport certified by a notary plus an original copy of a utility bill showing your current address).

    We may withhold personal information that you request to the extent permitted by law.

    You may instruct us at any time not to process your personal information for marketing purposes.

    In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

  • This website is hosted by Squarespace. Squarespace collects personal data when you visit this website, including:

    1. Information about your browser, network and device

    2. Web pages you visited prior to coming to this website

    3. Your IP address

    Squarespace needs the data to run this website, and to protect and improve its platform and services. Squarespace analyzes the data in a de-personalized form.

    Our website includes hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.

  • Social media refers to a variety of online internet applications that enable users to create their own content and interact with other users. Examples of social media providers are Facebook, Google, Instagram, LinkedIn and Twitter.

    We are a user of Facebook, Twitter, LinkedIn and Instagram and interact with other users by:

    1. creating a public profile which includes information on our current activities;

    2. sharing our photos, videos and posts;

    3. sharing links to content you are interested in which has been produced by third-parties (such as sharing a news article);

    4. connecting you with our breaking news as it happens;

    If you post on our social media pages or send us a private or direct message via social media, we will assume you give permission for us to respond.

    Messages posted on our social media pages are publicly available. We may use messages posted on our social media pages to better understand our audiences. If we seek to use attributable quotes from people using our social media pages, we will always seek their permission first.

    We will respond to publicly available social media posts relevant to our services/functions and/or associated issues where appropriate and within the permissions of the social media providers.

    We do not interact with third-party applications. We do not micro target ie: track your browsing habits, likes and social interactions across our social media pages in order to build up a profile about you. We are not responsible for micro targeting by social media providers and third parties operating on social media.

    You must take your own precautions to protect your personal data whilst using social media. We have no control and/or responsibility over the processing of your personal data by social media providers. When signing-up for and using social media, you should carefully consider the personal data you share on social media and with social media providers as well as reviewing the privacy policy, the terms of use of that social media service and information provided about cookies. In particular, the privacy policy and cookies information available on the service should inform you how that social media service is using your personal data and for what purpose(s).

    Data processing – MeetEdgar provides a single platform for our social media publishing, analytics, and engagement. MeetEdgar may collect information about you from your social media interactions with us, such as your social media handle, username, profile, postings, and messages you exchange with us.

    You may request a copy of the Standard Contractual Clauses or other relevant international transfer documentation by contacting startyourjourney@stephenspencerassociates.com

    Data sharing - to aid with the detection and prevention of criminal acts, we may collect from and share your information with the law enforcement agencies.

  • Please let us know if the personal information that we hold about you needs to be corrected or updated.

  • The principles of ‘Privacy by Design and Default and Consent’ can be summarised as:

    1. Use proactive rather than reactive measures. Anticipate, identify and prevent privacy invasive events before they happen.

    2. Privacy should be the default position. Personal data must be automatically protected in any system of business practice, with no action required by the individual to protect their privacy

    3. Privacy must be embedded and integrated into the design of systems and business practices

    4. All legitimate interests and objectives are accommodated in a positive-sum manner. Both privacy and security are important, and no unnecessary trade-offs need to be made to achieve both.

    5. Security should be end-to-end throughout the entire lifecycle of the data. Data should be securely retained as needed and destroyed when no longer needed.

    6. Visibility and transparency are maintained. Stakeholders should be assured that business practices and technologies are operating according to objectives and subject to independent verification.

    7. Respect user privacy by keeping the interests of the individual uppermost with strong privacy defaults, appropriate notice and user friendly options.

  • BY DEFAULT:

    Our aim is that appropriate technical and organisational measures will be applied to ensure that, by default, only the personal data which is necessary for each specific purpose of processing of personal data is used, in relation to:

    (a) the amount of personal data collected;

    (b) the extent of processing that personal data;

    (c) the period of its storage; and

    (d) its accessibility.

    Our aim is that by default personal data should be restricted to those who have a business need to know.

    BY CONSENT:

    Our aim is that when considering a proposal for a particular type of processing of personal data, the impact of this on the individuals affected should be considered, and that appropriate technical and organisational measures should be put into place to ensure that:

    (a) the Data Protection Principles are implemented; and

    (b) any risks to individuals’ rights and freedoms are minimised.

    Anonymised or partly/reversibly anonymised data should be used wherever possible.

    When buying systems/software which involve personal data, or considering transfers/sharing of personal data including using the “cloud”, we must evaluate the privacy and security of alternative solutions and vendors/partners. The use of such systems/software should to the maximum extent possible avoid personal data being involved or put at risk of a data breach.

    Personal data should only be placed on systems, devices or software where this is compliant with our policies and the legislation. The use, and duration of holding, of personal data should be minimised.

    Reviews of, and improvements to, privacy should be undertaken regularly by the team in their areas of work, documented, and privacy risks and precautions reviewed by the team regularly.

  • This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.

    These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.

    These analytics and performance cookies are used on this site, as described below, only when you acknowledge our cookie banner. We use analytics cookies to view site traffic, activity, and other data.

  • This document was created using a template from SEQ Legal (seqlegal.com)

    and modified by Website Planet (www.websiteplanet.com)

  • This website collects personal data to power our site analytics, including:

    • Information about your browser, network, and device

    • Web pages you visited prior to coming to this website

    • Your IP address

    This information may also include details about your use of this website, including:

    • Clicks

    • Internal links

    • Pages visited

    • Scrolling

    • Searches

    • Timestamps

    We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.

  • To communicate with our Data Controller (L. Groves) please email startyourjourney@stephenspencerassociates.com

    You may also make a complaint to the Data Protection Commission here.

  • How we are prepared for a personal data breach:

    • We know how to recognise a personal data breach.

    • We understand that a personal data breach isn’t only about loss or theft of personal data.

    • We have prepared a response plan for addressing any personal data breaches that occur.

    • We have allocated responsibility for managing breaches to a dedicated person or team.

    • Our team know how to escalate a security incident to the appropriate person or team in our organisation to determine whether a breach has occurred.

    How we respond to a personal data breach:

    • We have in place a process to assess the likely risk to individuals as a result of a breach.

    • We have a process to inform affected individuals about a breach when their rights and freedoms are at high risk.

    • We know we must inform affected individuals without undue delay.

    • We know who is the relevant supervisory authority for our processing activities.

    • We have a process to notify the ICO of a breach within 72 hours of becoming aware of it, even if we do not have all the details yet.

    • We know what information we must give the ICO about a breach.

    • We know what information about a breach we must provide to individuals, and that we should provide advice to help them protect themselves from its effects.

    • We document all breaches, even if they don’t all need to be reported.