top of page

GDPR Privacy Notice

Last updated: 23rd May 2023

This General Data Protection Regulation (GDPR) privacy notice (Notice) is included in our Privacy Policy and applies to the “personal data,” as defined in the GDPR, of natural persons located in the European Economic Area (EEA Individuals) processed by Filium Advisory Technologies (“Filium Advisory” or “the Company”). 

To the extent of any conflict between this Notice and the Filium Advisory Privacy Notice, this Notice shall control only with respect to EEA Individuals and their personal data. 

 

Controller disclosure and details

We are a data controller of personal data regarding the following EEA Individuals: Prospective / current customers and vendors (Business Contacts), our general website visitors (Site Visitors), and our employees and contractors (Workforce) for the purposes and under the legal basis described in the table below. Please note that, in some cases, the categories of data subjects above may overlap (e.g., Business Contacts using the Website).

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Categories of personal information collected

We maintain the following information when provided voluntarily by our Site Visitors: name and email address (business e-mail address preferred). We may also maintain additional information, such as titles or phone numbers, gathered from public sources.

 

We maintain the following information provided voluntarily by our Business Contacts and gathered from public sources: Name, company, email (business email preferred), title, role, postal address, country, and telephone number (business number preferred).

 

We maintain the following information provided voluntarily by our Workforce: Name, email, role, postal address, country, telephone number, social security or national ID number, banking information and other information required for employment or contracted services.

 

We also process automatically-gathered Cookie and Browser information as described above.

 

Recipients

Our sales, marketing, and finance teams process business contacts and site visitor information internally and such information will be used for web audience measurement tools, and email marketing systems. 

 

Information we collect from other sources

We do not receive personal data about you from other service providers.

 

How and with whom we share your data 

We do not share personal data with third parties except those who work on our behalf and provide us with services necessary to conduct our business activities or to assist us in providing you with our services. These parties include, but may not be limited to: 

  • Ad networks

  • Social media services

  • Analytics service providers

  • Staff augmentation and contract personnel

  • Hosting service providers

  • Cloud storage and service providers

  • Customer support

 

Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.  

Before engaging a new processor, we perform security and privacy assessments of the processor, and we ensure that the processing of personal data is always regulated with written data processing agreements. 

 

Other disclosures

In accordance with our legal obligations, we may also transfer personal data, subject to a lawful request, to public authorities for law enforcement or national security purposes.

 

Processor disclosure

In the normal course of Filium Advisory’s work, confidential information belonging to clients, the client’s assessment targets, or client affiliates (collectively “clients” and “client-provided information”) is provided in response to document requests or observed during online sessions as part of Filium Advisory’s service offerings. Client-provided information does not generally include personal information and personal information is not processed in our applications. To the extent that personal information is provided in client-provided information, we are a data processor of the personal data provided for GDPR purposes. When serving as a processor, we have certain obligations under GDPR that include only processing personal data at the instruction of our customers as reflected in the applicable Master Services Agreement, providing assistance with fulfillment of data subject rights requests, and implementing appropriate security for personal data.

 

We do not share client-provided personal data with third parties except when necessary to assist us in providing clients with our services.  In accordance with our legal obligations, we may also share client-provided personal data, subject to a lawful request, to public authorities for law enforcement or national security purposes.

We will hold personal data for so long as we have an obligation to the client to provide the services, and thereafter until such time as we delete the client's account in accordance with our Master Services Agreement.

 

Information regarding the transfers of personal data outside of the European Economic Area

We do not transfer data outwith the EEA.

Filium Advisory also has procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

 

Retention period for personal information

How long we retain personal data varies according to the type of information in question and the purpose for which it is used. We delete personal information within a reasonable period after we no longer need to use it for the purpose for which it was collected. This does not affect your right to request that we delete your personal data before the end of its retention period. We may archive personal data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures.

Personal data relating to current Business Contact (or Business Contacts with whom we’ve had a relationship) will be retained until the relationship terminates, at which point their personal data will be retained for seven (7) years for finance and tax purposes and in case of repeat business.

 

Your GDPR rights

EEA Individuals have a right to: 

  • Obtain a copy of your personal data, together with information about how and on what basis that personal data is processed.

  • Rectify inaccurate personal data (including the right to have incomplete personal data completed).

  • Erase your personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed).

  • Restrict processing of your personal data under certain circumstances.

  • Have a copy of your personal data sent to another controller, in a structured, commonly used and machine-readable format under the right of data portability.

  • Withdraw your consent to our processing of your personal data (where that processing is based on your consent).

  • Obtain or see a copy of the appropriate safeguards under which your personal data is transferred to a third country or international organization.

 

In addition to the above rights, EU data protection law provides applicable individuals the right to object, on grounds relating to your particular situation, at any time to any processing of your personal data for which we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent) or to perform a contract with you. You also have the right to object at any time to any processing of your personal data for direct marketing purposes, including profiling for marketing purposes. 

 

You may exercise these rights and submit a GDPR complaint by contacting nancy@filiumadvisory.com with the subject line "GDPR Notice." You may also object at any time to processing of your personal data for direct marketing purposes by clicking "Unsubscribe" within an automated marketing email.

We will endeavour to update your personal data within thirty (30) days of any new or updated personal data being provided to Filium Advisory, in order to ensure that the personal data we hold about you is as accurate and up to date as possible.

 

You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under our Master Services Agreement. Contact details for the EU data protection authorities can be found at:

http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

 

Updates to this Notice

If, in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this Notice, and the "Last Updated" date at the top of this page will be updated accordingly.

 

How to contact us

Filium Advisory’s main office is located at 27 Fountainhall Road, Edinburgh, EH9 2LN. Please use this address or, preferably, reach out to nancy@filiumadvisory.com for any questions, complaints, or requests regarding this Notice; please include the subject line "GDPR Notice."

Screenshot 2023-05-23 at 16.35.43.png
bottom of page