IndyGroup Data Privacy Policy

IndyGroup is committed to protecting the privacy and security of your personal data and adhering to applicable data protection laws, including the UK GDPR and the Data Protection Act 2018. This Data Privacy Policy explains how we collect, use, and safeguard your personal data when you interact with our website, services, or otherwise provide information to us.

1. Introduction

This policy outlines our data processing practices, the types of personal data we collect, the purposes of processing, the legal basis for processing, your data rights, and how to contact us regarding data protection. By providing your personal data to IndyGroup, you acknowledge and consent to the terms of this policy.

2. Scope

This policy applies to all personal data processed by IndyGroup, encompassing data relating to customers, business partners, suppliers, contractors, and other stakeholders.

3. Data Collection

We collect personal data only for specified, explicit, and legitimate purposes related to our business operations. The types of personal data we may collect include:

  • Business Interactions: Job title, name, company, address, contact details, and financial information (account and routing numbers) for commercial transactions.
  • Know Your Client (KYC) Compliance: Information required for due diligence, including details of company shareholders and legal representatives.
  • Contractual Information: Contact details, payment information, and other data contained within contracts.
  • Website Usage Data: IP address, browser information, login dates, pages visited, and other analytics collected via cookies (subject to your cookie preferences).
  • Correspondence Data: Records of communications with IndyGroup.
  • User-Generated Content: Information you voluntarily submit or upload to our website.
  • Marketing Preferences: Information provided for subscriptions, newsletters, or other marketing communications.

We will not collect excessive or unnecessary personal data, nor will we collect data prohibited by applicable law.

4. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

  • Consent: Where you have freely given specific, informed, and unambiguous consent.
  • Contractual Necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.

 

  • Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, provided those interests do not override your fundamental rights and freedoms.
5. Purposes of Processing

We may process your personal data for the following purposes:

  • Managing client relationships and contracts.
  • Facilitating commercial transactions and fulfilling orders.
  • Complying with legal and regulatory requirements.
  • Responding to inquiries and requests.
  • Improving website functionality and user experience.
  • Developing and enhancing our products and services.
  • Marketing our products and services (subject to your preferences).

6. Data Sharing and Disclosure

We may share your personal data with:

  • IndyGroup Affiliates: For the purposes described in this policy.
  • Third-Party Service Providers: For essential services such as IT support, data analytics, payment processing, and marketing assistance. We ensure these providers have appropriate data protection safeguards in place.
  • Business Partners: Where necessary to fulfill contractual obligations or facilitate business operations.
  • Legal Authorities: When required by law or legal process.

We will not sell your personal data to third parties for marketing purposes.

7. Data Security

We implement robust technical and organizational security measures to protect your personal data against unauthorized access, use, disclosure, alteration, or destruction. These measures include encryption, access controls, and regular security assessments.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, taking into account legal and regulatory requirements. Our data retention policy outlines specific retention periods for different categories of data. 

9. Your Data Rights

You have the following rights regarding your personal data, subject to applicable law:

  • Right of Access: To obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data.
  • Right to Rectification: To request the correction of inaccurate or incomplete personal data. 
  • Right to Erasure ("Right to be Forgotten"): To request the deletion of your personal data under certain circumstances.
  • Right to Restriction of Processing: To restrict the processing of your personal data under certain circumstances.
  • Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: To object to the processing of your personal data on grounds relating to your particular situation.
  • Right to Withdraw Consent: To withdraw your consent at any time, where consent is the legal basis for processing.
  • Right to Lodge a Complaint: To lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. 
To exercise these rights, please contact us using the contact information provided below.

10. International Data Transfers

If we transfer your personal data outside of the UK, we will ensure that appropriate safeguards are in place to protect your data, in compliance with applicable data protection laws. 

11. Updates to this Policy

We may update this Data Privacy Policy from time to time. Any changes will be posted on this website, and we encourage you to review it periodically.

12. Contact Us

If you have any questions or concerns about this Data Privacy Policy or our data processing practices, please contact us.