We understand the value and importance of your personal information. Our job is to protect and secure that information for you, and we take that very seriously.
Sherpa Management Services Limited (C75092) of 171, Old Bakery Street, Valletta VLT 1455, Malta, a limited liability company registered and incorporated under the laws of Malta, is the controller of any personal data that we collect about you.
This statement is issued on behalf of Sherpa Management Services Limited, its subsidiary Sherpa Management Services UK Limited (registration number 11104703) of 118a Northcote Road, London, United Kingdom, SW11 6QP and all entities forming a part of the Sherpa Group whether as subsidiaries, affiliates or parents. When we refer to “we”, “us”, “our” or “Sherpa” in this Statement, we are referring to the relevant entity in the Sherpa Group responsible for processing your data. We will let you know which entity will be the controller for your data when you obtain any of our services.
“Protection Score” means any protection score we provide to you via the Site.
“Site” means [insert URL] and any mobile applications or similar devices, channels or applications operated by or on behalf of us.
If you need to get in contact with us, please email us at firstname.lastname@example.org.
The purpose of this policy is to:
- set out the type of personal data Sherpa will collect from you and how we will use your personal information
- set out the basis on which any personal data is processed by Sherpa
- make you aware of how Sherpa will handle your personal data
- clarify Sherpa’s obligations under applicable data protection regulations with regards to processing your personal data lawfully and responsibly
- inform you of your data protection rights.
We process your personal data in an appropriate and lawful manner, in accordance with applicable data protection regulations and the General Data Protection Regulation EU 2016/679 (“GDPR”) which is in force as of 25 May 2018.
This statement should be read in conjunction with any other Privacy Notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
This Statement was last updated in November 2019.
We may collect personal information as a result of you:
- completing an enquiry form or answering questions via the Site
- corresponding with us by post, phone, email or otherwise in connection with a Protection Score
- requesting or receiving a Protection Score
- requesting marketing to be sent to you
- giving us some feedback.
That information may include details such as:
- your name, email address, telephone number and date of birth
- information about your household including marital status and dependents
- information about your lifestyle including travel, pets, car and home
- information about your finances including income, savings, current insurance cover and liabilities
- your marketing and communication preferences.
We may collect information from third parties to whom we introduce you, including details of any policies you may have purchased from them or any claims that you have made on those policies.
We may collect information from publicly available sources such as electoral rolls or traffic accident databases, and from third parties such as compliance databases and / or compliance and due diligence services providers.
You may also give us permission to access information from social media providers such as Facebook or LinkedIn. You may also log in to the Site via Facebook. If you do grant us permission in this way, you remain responsible for ensuring the information we obtain is not false, misleading or inaccurate.
When you visit the Site, we may also collect information including:
- technical information, including the IP address used to connect your computer to the Internet, your login information, browser type and version, the full Uniform Resource Locators (URL), clickstream to, through and from the Site (including date and time) as well as other information regarding your experience on the Site such as page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page
- information about your location. We may determine your location through your IP address and, when accessing the Site through a mobile device, by using the data that we collect from that device. This includes information about the wireless networks or cell towers near your mobile device at the time of access.
Where we are collecting or processing further information we may provide you with separate Privacy Notices informing you about how and why we are using your personal data.
Some of the information that we may ask you to provide to us could be a special category of personal data, as defined in the GDPR, namely personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. In particular we may process information about your health. Additionally, we may also process personal data relating to criminal convictions.
We use any personal data about you or others for specific stated purposes including to comply with applicable laws and regulations and to provide you with a Protection Score or any other services described on the Site. To the extent permitted, processing of that data will be based on applicable data protection legislation. Otherwise, we will request your explicit consent to do so.
To ensure that we provide the best experience for you that we are able to, we may use your information to:
- provide to and discuss with you a Protection Score and any other services or information described on the Site
- facilitate the provision of services which you request
- assess financial and insurance risks in furtherance of our legitimate interest
- develop our products, services, systems and relationship with you and record your preferences
- market to you (but see ‘Your Rights’ below)
- comply with our legal and regulatory obligations
- undertake research and keep statistics
- detect and prevent fraud and crime in furtherance of our legitimate interest.
We will also use your data for the following purposes:
- administer our Site and for internal operations, including troubleshooting and in order to keep the Site safe and secure
- improve the Site to ensure that content is presented in the most effective manner for you
- ensure that content displayed on the Site is presented in a user-friendly manner
- distinguish you from other users of the Site.
We may also use your information in anonymised form, meaning it is not possible to identify who you are, to analyse the use of the Site, and consumer attitudes to our products, services and marketing.
We will never sell your personal information to third parties.
We shall only process your personal data to the extent necessary for us to be able to provide the services we offer and / or for the purposes indicated in this statement.
We may also process your personal data on the basis of any legitimate interest or in order to comply with any legal obligations at law. This may include the exercise or defence of legal claims or in order to comply with an order of any court, tribunal or authority or police authority.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending marketing communications to you. For further information on how we provide you with choices around the use of your personal data for marketing and advertisement purposes, please see below.
We may disclose your personal data to any of our international offices / companies that form part of Sherpa, and which may act as joint data controllers or data processors to the company which will be the data controller for your data when you obtain our services and / or may provide administration, controls, information or reporting services. All Sherpa companies respect the security of your personal data and treat it in accordance with the applicable law (including the GDPR) and apply the security measures and safeguards described below.
We may need to share personal data with certain authorities and regulatory bodies, including the UK Financial Services Authority or the Malta Financial Services Authority.
We may also be under a duty to disclose or share your personal data to comply with any legal obligation, judgment or order from a court, tribunal or authority. We may also disclose your data to enforce our Terms of Business Agreement, or to protect our rights, property or safety, or that of other users of the Site. This includes exchanging information with other companies and organizations for the purposes of fraud detection and prevention.
To ensure we can provide services to you, we may from time to time need to share your information with entities outside the European Economic Area. If we do, we will ensure that it is subject to the provisions of the GDPR and applicable data protection legislation, it is kept securely and is only used for the purposes for which it was provided. We will continue to comply with our obligation to adequately protect and secure your personal information.
For this purpose, we will transfer your personal data in accordance with the standard contractual clauses (European Commission: Model contracts for the transfer of personal data to third countries) to ensure it is transferred securely and in compliance with data protection legislation, including the GDPR.
We will ensure that appropriate security measures are taken against unlawful or unauthorized processing of personal data, and against the accidental loss of, or damage to, personal data.
The transfer of information between the Site and your device is protected with the TLS 1.2 end-to-end encryption protocol or newer technologies as they become available, provided they are supported by your browser. All personal data is stored in a secure server environment that uses a firewall and other advanced technology to protect against interference or unauthorized access. Usernames and passwords are issued to persons authorized to access the personal data who are bound by confidentiality not to disclose any data.
We shall only store your data as long as is strictly necessary for the purposes for which it was collected e.g. to provide you our services or for the purposes of satisfying any legal, accounting or reporting requirements. In any case, retention of data shall not exceed 10 years from the date of termination or completion of the services. This period of retention enables us to use the data for defending potential legal claims, taking into account the applicable limitation periods under relevant laws, as well as, if applicable, to comply with anti-money laundering / know your client laws and regulations, anti-bribery / corruption laws and regulations, insurance laws, accounting and tax laws, applicable to certain jurisdictions in which we operate.
To the extent possible, we anonymize the data we hold about you when it is no longer necessary to identify you from that data.
You are entitled to exercise the following rights under the GDPR:
- Right to Access Information – you have the right to request information as to whether or not your personal data is being processed by Sherpa, as well as information as to how and why it is processed, by sending an email to supportsherpascore.com. You shall receive one (1) electronic copy free of charge via email. We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, in which case we may also refuse to comply with your request.
- Right to object – we may from time to time contact you with suggestions on how you can limit any protection gaps you may have with special offers etc. You may contact us at any time by email to email@example.com to ask us not to process your personal data for such marketing purposes. Similarly, you may ask us not to process your personal data for other marketing purposes e.g. you receiving information from us about upcoming events, newsletters and publications, and your data will no longer be processed for such purposes.
- Right to withdraw consent – you have the right to withdraw your consent to this statement, and the processing practices described, at any time by sending an email to firstname.lastname@example.org. This will not affect the lawfulness of processing which we carried out on the basis of your consent before its withdrawal. Withdrawal of consent will result in us having to terminate our services immediately.
- Right to rectification – you have the right to obtain rectification of any inaccurate personal data about you that we have processed, update any data which is out-of-date and the right to have incomplete personal data completed, including by means of a supplementary statement.
- Right to erasure – you have the right to obtain the erasure of personal data we have concerning you when your personal data is no longer required where:
  - you withdraw your consent to us processing your personal data
  - your personal data no longer needs to be processed
  - your personal data has been unlawfully processed.
- Right to restriction of processing – you have the right to restrict our processing activities where:
  - you contest the accuracy of personal data, for a period enabling Sherpa to verify the accuracy of that personal data
  - our processing is deemed unlawful, and you oppose the erasure of your personal data and request restriction of its use instead
  - we no longer need your personal data for the purposes stated in this statement, but you require it for the establishment, exercising or defending of legal claims
  - you have objected to our processing pending the verification whether the legitimate grounds of our processing activities overrode those pertaining to you.
- Right of data portability – you shall have the right to receive your personal data in a structured and machine-readable format and transmit this data to another Controller (as defined in the GDPR).
- Right to complain to a supervisory authority – you have the right to lodge a complaint at any time to the competent supervisory authority in your jurisdiction on data protection matters. We would, however, appreciate the opportunity to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.
We may introduce you to other advisers or product providers via the Site, or you may be able to access other websites via links on the Site.
You can also find further information on cookies and local storage at the following websites.
Many browsers allow you to browse privately whereby cookies are automatically erased after you visit a site.
We also use analytics cookies. These cookies track information about how the Site is being used so that we can make improvements and report our performance. We might also use analytics cookies to test new ads, pages or features to see how users react to them. Analytics cookies may either be first party cookies or third party cookies.
By visiting the Site and providing your information to us, you consent to its use on the terms set out above.