Murano Privacy Policy

Edition Date August 18th, 2018

Murano Systems Limited, and its associated companies (“Murano” and “we”, with “us” and “our” being construed accordingly), takes data privacy seriously. The nature of our business provides that, from time to time, we require personal data from our customers.

We will provide clear information about how we use this personal data, and we will always be transparent with you about what information we collect, what we do with it, with whom we share it, and who you should contact if you have any concerns.

We will ensure that any personal data we collect about you will be held and processed strictly in accordance with the Data Protection Legislation.

In this Privacy Policy, the terms “personal data”, “controller” and “processor” each have a special meaning that is set by legislation (the “Data Protection Legislation”).  The Data Protection Legislation includes: (i) the Data Protection Act 2018 or any successor legislation; and (ii) for so long as and to the extent that the law of the European Union has legal effect in the UK, the General Data Protection Regulation (EU) 2016/679 and any other directly applicable European Union regulation relating to privacy.

Application of this Privacy Policy

This Privacy Policy aims to give you information on how Murano collects and processes your personal data through your use of our website, including any data you may provide through our website when you sign up to our newsletter, or express an interest in a product or service.

Our website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. This Privacy Policy supplements the other notices and is not intended to override them.

Separately, we provide further information about:

  • the collection and processing of personal data in the course of providing matchmaking or consulting services to our clients. For information about privacy in the context of services provided to our clients, click here.
  • the collection and processing of personal data of professional allocators. For further information, click here.
  • the collection and processing of personal data about our employees or contractors. For information about privacy in the context of doing work for Murano, please see the employee handbook.
  • the collection and processing of personal data in relation to job candidates or applications for roles advertised on this website. For further information, click here.
  • the collection and processing of personal data on our suppliers or service providers. For further information, click here.

 

  1. How we obtain Your Data

We obtain personal data about you (“Your Data”) from the following sources:

  • by you submitting information to us through our website www.muranoconnect.com for example, or when you subscribe to our newsletter.
  • through your use of our marketing resources, such as events or webinars which we run or sponsor.
  • from what we learn about you from your visit to our websites by you submitting information to us when you complete one of our surveys.
  • by you interacting with us via a prospective, current, or former customer (for example, where you provide your business card to us), other than in connection with ongoing services we are providing to you or your organisation.
  • Via phone conversations.
  • Via research through the Internet (including social media, like LinkedIn), trade journals and other information made public.

 

  1. Your Data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

  • Identity Data including first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data including billing address, delivery address, email address and telephone numbers.
  • Financial Data including bank account and payment card details.
  • Transaction Data including details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
  • Profile Data including your username and password, enquiries made by you, your interests, preferences, feedback and survey responses.
  • Usage Data including information about how you use our website, products and services.
  • Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

  1. What we use Your Data for

For as long as we have access to Your Data, we use it for the following purposes, unless otherwise required as a result of you exercising your data protection rights:

PurposeLegal basis
(1)  To provide you with newsletters or information you have requestedOur legitimate interest in providing you with information you have requested
(2)  To keep you informed of any activities undertaken by us which we believe may be of interest to youIf you are an existing customer: our legitimate interest in staying in touch with you to discuss potential repeat business.

If you are a prospective customer: our legitimate interest in sending you direct marketing to seek business from you, unless you ask us to stop (in which case we will stop).

(3) To gather and analyse information on the market for our internal purposesOur legitimate interest in ensuring we are able to focus our marketing and advertising more effectively
(4) To respond to an enquiry you have submittedOur legitimate interest in responding to your enquiries, e.g. by email, telephone, post or social networks.
(5) To provide perception study services to our clientsOur legitimate interests in providing our clients with the services they require.
(6) To respond to requests for information from regulated bodies or government agenciesTo comply with a legal obligation to respond to such requests or our legitimate interest in responding (as the case may be).
(7) Website analytic purposesOur legitimate interest in providing products, services, choices, operations and websites that meet the requirements of our existing and prospective customers.
  1. Who we share Your Data with

For as long as we have access to your Data, we may share any of it with any of the following to the extent that they need to have access to Your Data in order to perform their role:

  • Murano Associated Companies and any employee, contractor and agent within those companies, including but not limited to Murano Systems Limited (UK) and Murano Connect LP (USA)
  • Third parties who provide services on our behalf. For example, we use third parties such as MailChimp and GSuite to provide marketing automation services and Quickbooks to provide payment processing services. A complete list of our third-party service providers is available on request.

We may also share Your Data with companies, organisations, or individuals outside of Murano if we believe that disclosure of the information is necessary for legal reasons.

We require all third parties to respect the security of Your Data and to treat it in accordance with the law. We do not allow our third-party service providers to use Your Data for their own purposes and only permit them to process Your Data for specified purposes and in accordance with our instructions.

  1. Identity and Contact Details of Data Controller

For the purposes of the Data Protection Legislation, Murano is the controller of Your Data. If you have any questions, comments, or concerns about this Privacy Policy or how we handle Your Data, please contact us at ole@muranoconnect.com or at the address below and we will deal with your request as soon as possible.

Murano Systems Limited

106 New Bond Street

London 
W1S 1DN

United Kingdom

FAO: Data Controller

  1. International Data Transfers

In certain circumstances, we may transfer Your Data to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject. Any such transfers are, at all times, made in accordance with the Data Protection Legislation. Details of the circumstances and mechanisms in place to ensure compliance are set out below:

Murano Connect LP (USA)

All personal data used by this office is held on Murano’s central servers located in Ireland and under our control. These transfers are not repetitive and will only occur where necessary to perform a contract or for our legitimate interest in pursuing business operations, and on this basis they are permitted under the Data Protection Legislation.

MailChimp

Murano uses MailChimp to provide marketing automation services in relation to our subscribers. If you subscribed via our Murano website or have consented to Murano using Your Data to send you marketing communications, Your Data may be transferred to MailChimp’s servers in the United States. The company that operates MailChimp, The Rocket Science Group LLC, participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of personal data to MailChimp in the United States are therefore made subject to appropriate safeguards in accordance with the Data Protection Legislation. MailChimp’s privacy policy can be viewed here.

GSuite

Murano uses Google’s GSuite to provide some marketing automation services in relation to our subscribers. If you subscribed via our Murano website or have consented to Murano using Your Data to send you marketing communications, Your Data may be transferred to Google’s servers in the Americas or Asia. Google, (including Google LLC and its wholly-owned US subsidiaries) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of personal data to Google in the United States are therefore made subject to appropriate safeguards in accordance with the Data Protection Legislation. Google’s privacy policy can be viewed here.

SurveyMonkey

We use SurveyMonkey to carry out our online surveys. SurveyMonkey stores survey data on its servers in the United States. SurveyMonkey Inc. (and its subsidiary company, Infinity Box Inc.) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Transfers of personal data to SurveyMonkey in the United are therefore made subject to appropriate safeguards in accordance with the Data Protection Legislation. We have also put in place a Data Processing Agreement based on the Standard Contractual Clauses approved by the European Commission to provide enhanced protection for Your Data. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome. SurveyMonkey’s privacy policy can be viewed here.

  1. Your Rights in relation to Your Data

Under the Data Protection Legislation, you will have the following rights in relation to how we process Your Data:

  • Right to request access: you may obtain confirmation from us as to whether or not Your Data is being processed and, where that is the case, access to Your Data. Your right of access can be exercised in accordance with the Data Protection Legislation. You can submit a data access request at any time. In order to do this, please contact us at ole@muranoconnect.com.
  • Right to rectification: you have the right to obtain rectification of inaccurate personal data we hold concerning you.
  • Right to erasure: to the extent that (a) we no longer need to use Your Data (e.g. you no longer wish to receive marketing from us) for purposes described in our Privacy Policy, or (b) we rely on your consent and you have withdrawn it, or (c) you object to our legitimate interests for using Your Data and no exception applies to permit us to keep using it, or (d) it is established that we did not have the lawful right to process Your Data, or (e) the law requires us to erase Your Data, you may ask us to erase Your Data.
  • Right to restriction of processing: you have the right to ask us to restrict our processing of Your Data to the extent that (a) you have questioned the accuracy of Your Data and we are still checking its accuracy, (b) it is established that we did not have the lawful right to process Your Data, (c) we no longer need to use Your Data for the purposes we collected or used it for but you need it to be preserved for the purposes of legal claims, or (d) you have exercised your right to object to our use of Your Data and no exception applies to permit us to keep using it.
  • Right to object to processing: to the extent that (a) we use Your Data on grounds of our legitimate interests and no exception applies to permit us to keep using it, or (b) we use Your Data for direct marketing purposes, or (c) We use it for scientific or historical research purposes or statistical purposes and no exception applies to permit us to keep using it, you may object to us processing Your Data.
  • Right to data portability: you have the right to receive Your Data in a structured, commonly used, and machine-readable format.
  • Right to withdraw consent: where you have provided your consent to us processing Your Data, you have the right to withdraw your consent at any time..
  • Right to lodge a complaint: you may lodge a complaint with any supervisory authority in the EU. The supervisory authority for the United Kingdom is the Information Commissioner’s Office (ICO).

If you would like to exercise any of the above rights, including to withdraw your consent (where our processing of Your Data relies on your consent), please contact us at ole@muranoconnect.com.

For further information on your rights, please see the Information Commissioner’s website here.

  1. Data Retention Period

Your Data will be stored for a maximum period of 6 (six) years, after which time it will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained. If you consent to marketing, any information we use for this purpose will be kept with us until you notify us that you no longer wish to receive this information, unless we request your consent to store it for a longer period.

  1. Additional Information
  • There is no statutory or contractual requirement for you to provide Your Data to us and you are not obliged to do so. Please note that we may not be able to provide you with the services you have requested, such as receiving our newsletter, if you do not provide your contact details. As set out in our cookies policy, our website may not be able to fully function if you do not agree to certain cookies being set on your computer.
  • We do not undertake automated decision-making or profiling on Your Data.
  • We keep our Privacy Policy under constant review and may change it to remain compliant with relevant legislation. We will notify you of any material changes to our Privacy Policy via a notification on our website. Your continued use of our website or our other marketing services, following the posting of changes to these terms, will mean you accept these changes.
  1. Security of personal information

We recognise the need to ensure that personal information gathered via this website remains secure. Our site has security measures in place to protect against the loss, misuse, and alteration of the personal information under our control. Our security measures include the use of a hardware firewall to prevent unauthorised access. You acknowledge that although we exercise adequate care and security, there remains a risk that information transmitted over the Internet and stored by computer may be intercepted or accessed by an unauthorised third party.

  1. Surveys

Participation in our surveys is entirely voluntary and, by submitting your responses, you are consenting to us collecting and processing Your Data in accordance with this Privacy Policy. We will never share survey data with third parties (other than SurveyMonkey as set out in 5 above) and all data is amalgamated and anonymised before the results of the survey are published. In most circumstances, we do not collect the name or contact details of our respondents and this is only provided voluntarily by the respondent if they wish to be entered into a prize draw, so that we can contact them with their prize.

Some of your responses to our surveys may include personal data which falls within the scope of the “special categories of personal data” for the purposes of the Data Protection Legislation. For example, your responses may reveal your ethnicity or race or your political opinions. Where a question requires an answer that may include special categories of personal data, we will request your explicit consent to our processing this data in accordance with this Privacy Policy before you submit your response.

Please note that in certain circumstances, we also undertake surveys on behalf of our clients (“Client Surveys”). The personal data we collect through Client Surveys is held in accordance with this Privacy Policy and is anonymised before we create our report. We never share your personal survey data with our clients.

  1. Data obtained indirectly

In some circumstances, we may obtain personal data about you from other sources. This information may include your name, contact details and job title, which we obtain from third-party sources such as organisers of events we sponsor or other publicly available sources, such as your company’s website.

  1. External Links

Our website contains links to other websites belonging to third parties. We do not control the privacy practices of these other websites. We do not accept any responsibility for the policies of third party controllers, such as providers of search engines and social networks.  Please check the third parties’ privacy notices before you submit any personal data to them.

 

Updated: August 2018