We take your privacy seriously and want you to understand our practices with respect to the handling of your personal data. This privacy statement explains how we do this. This notice applies to all visitors of our website.

Why do we process personal data?

  • We process personal data to provide services, process and store payment details. We also deal with enquires, gather customer feedback, undertake market research or direct marketing in our legitimate interests to promote our business and improve our service and delivery.
  • On our websites we use third party marketing and analytical cookies, as explained in our Cookie Notice. You can reject and block cookies in your browser settings.
  • We monitor social media to respond to comments or complaints about our business and with the permission of the platform owner we may reproduce your comments on our website, on the lawful basis of our legitimate interests.
  • In our legitimate interests, we also seek to prevent and detect crime as well as protect our business and premises.
  • In order to fulfil the above purposes:
  • we may disclose your personal data to payment providers, technology providers, insurers, and other specialist professional and technical service providers and advisers, to provide services.
  • we may transfer your personal data outside the European Economic Area (the EU Member States plus Iceland, Lichtenstein and Norway) and, where we do this, we will use safeguards to protect your data.
  • We keep your data to enable us to fulfil our contract with you or to provide services, where required by law, to respond to a question or complaint, to obey rules about keeping records, to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or our legitimate interests. Where we process personal data on the basis of your consent, we will retain it for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes.
  • When searching for opportunities within Ambipar Response Ltd, you can provide some contextual details about your education, including your study field, predicted grade and country of study. This will enable us to match your background with particular jobs we believe you may be suited for. The information you provide is not stored and will not be linked back to you.

Your rights

  • Any consent(s) you give us may be withdrawn at any time.
  • You have an absolute right to object to direct marketing (and any profiling for the purposes of direct marketing) at any time.
  • You also have the qualified right to:
    • request access, rectify, and erase your personal data;
    • object to processing for any purpose where we rely on our legitimate interests as the legal basis; 
    • restrict processing; and
    • supply or transfer your personal data in a portable format.

Where you exercise any of your rights, we will process your personal data to comply with your request in accordance with our legal obligations.

  • Where we use automated decision-making, you have the right to human intervention, to add a statement, and to have the decision reviewed.

You have the right to lodge a complaint with any data protection supervisory authority, in particular, the one within the country in which you are resident, work or in which your complaint arises. For the contact details of the Information Commissioner in the UK see www.ico.org.uk, for Information Commissioner in the Isle of Man see www.inforights.im and for the Office of Information Commissioner in Jersey see https://oicjersey.org . Details of all EU supervisory authorities can be found here

If you wish to exercise your rights, please visit our Contacts Us page

If you require further details of our Privacy Notice please read more below. 

Personal information we collect

We collect personal information when you use our services. This includes using our website or corresponding with us. We may also receive personal data about you from another source. This includes:

  • Personal Identifiers – title, name, marital status, postal and email addresses, postcode, IP addresses and contact telephone numbers.
  • Business-to-Business Information – for corporate customers and corporate business leads and contacts: job title, business address and business email address;
  • Transaction Information – payment details,
  • Membership information – membership details
  • Third Party Social Media Platforms – In relation to the social media platforms, we may receive Insights Data , i.e. aggregated data that can help us to understand how visitors are engaging with our Page, which may be based on personal data collected during your visit to our Page or its contents.
  • Customer special requests and feedback including complaints – via calls, emails and online free text fields.

Third parties that we receive personal data from may include:

  • Corporate customers and public information sources such as Companies House or similar registers in the jurisdictions of our operations; 
  • Social networks;
  • Market researchers;
  • Marketing service providers and advertising technology providers;
  • Government and law enforcement agencies;
  • Other licensees in accordance with licensing requirements;

How do we use your information, and what is the legal basis for this use?

  • To fulfil a contract, or take steps linked to a contract. This is relevant when you want to make enquiries, receive services from us or become members with us:
    • providing products and services requested by you;
    • verifying your identity;
    • processing payments;
    • communicating with you;
    • providing customer services, including managing complaints; and
    • alerting you by text, email or phone in the event of an unplanned incident, or where we believe it is in your vital interests.

In our legitimate interests regarding the conduct of our business, in particular:

  • To Ensure Customer satisfaction
    • we provide technical support and investigate and process any complaints about our website or our products or services, and to maintain appropriate records for internal administrative purposes. We reserve the right to request evidence to support any claims or complaints.
  • To Protect Our Business or Prevent Fraud
    • monitor, test and control the performance and security of our systems, networks, processes and premises to prevent and detect fraud and protect our business; and
    • if you provide a credit or debit card as payment, we use third parties to check the validity of your bank account or card details in order to prevent fraud.
    • for the detection and prevention of crime.
  • For business performance and Improvement
    • analyse transactions to enable us to improve our services and products and plan for our business.
  • Developing and Marketing Products and Services
    • for raising brand awareness;
    • to understand you better as a customer by analysing your transactions and other information you provide to us or which we learn through your interactions with us;
    • for marketing (including creating profiles), competitions and promotions by email, text and push notification where permitted to do so by law; Opting in and out of preferences.
    • we may use your data to provide personalised promotional offers to you where permitted to do so by law;
    • we also share some of your information with marketing service and ad technology providers and digital marketing networks, such as Facebook and Google, to present advertisements that might interest you.
      • For example we may transfer information about you to such providers so that they may recognize your devices and deliver interest-based content and advertisements to you. The information may include your name, email, device ID, or other identifier in encrypted form. The providers may process the information in hashed form. These providers may collect additional information from you, such as your IP address and information about your browser or operating system; may combine information about you with information from other companies in data sharing cooperatives in which we participate; and may place or recognize their own unique cookie on your browser. These cookies may contain demographic or other data in de-identified form;
    • for monitoring the use of our websites and apps in order to improve their performance and optimise our media spend;
    • we use personal data of some individuals to invite them to provide feedback or take part in market research; and
  • Legal and Regulatory purposes
    • in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with claims, legal process or litigation);
    • to comply with health and safety legislation.
    • to prevent, investigate and/or report suspected fraud, terrorism, security incidents or other crime, in accordance with applicable law; and
  • Where you give us consent
    • we will send you emails, texts and push notifications in relation to products and services provided by us;
    • when you use our websites, we place cookies and use similar technologies on your computer, mobile or other device (see our Cookie Notice);
    • we may use credit checks if you apply for a Membership with us;

You have the right to withdraw consent at any time.

  • For purposes which are required by law:
    • in response to requests by government, law enforcement authorities, or intelligence services and court orders;
    • if required to comply with health and safety legislation to which we are subject;
    • responding to a rights request under data protection legislation.

Other recipients that we disclose, transfer or share your personal data with

Group companies

We may share your personal data with the Ambipar Group. Details of the Ambipar Group can be found on our corporate website. Ambipar Response shares data within the Ambipar group when they provide us with support, advisory, IT, safety and security, and other services.

Service Providers

For some activities Ambipar Response uses third party service providers including where we are joint controllers. Your personal data will be disclosed to such organisations where this is necessary to provide a service to you, or where it is in our legitimate interests. You will be informed separately if a third party is operating as a joint controller with Ambipar Response. Third parties are used to:

  • undertake customer feedback surveys;
  • provide analytics;
  • provide IT development, support, maintenance and hosting, including the provision of applications and website hosting;
  • process payments to enable you to pay by credit or debit card;
  • provide credit checks and fraud checks; and

Other parties

Personal data may be shared with regulators, government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim or regulatory purposes.

We disclose your personal data to payment providers, technology providers, and other specialist professional and technical advisers.

With your consent, we will also disclose your personal data to Ombudsman services and Citizens’ Advice.

Restructure and sale

In the event that the business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.

International transfers

Sometimes we may need to send or store your data outside of the European Economic Area (the EU plus Iceland, Lichtenstein and Norway) (‘EEA’). For example, to follow your instructions, comply with a legal duty or to work with or receive services from our service providers who we use to help run your accounts and our services.

If we do transfer information outside of the EEA, we will make sure that it is protected by using one of these safeguards:

  • Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Some countries have been deemed adequate by the EU.
  • Put in place a contract with the recipient that means they must protect it to the same standards as the EEA or use other mechanisms and measures to achieve adequate protection. We also may use the Standard Contractual Clauses published by the EU.
  • Binding corporate rules. These are internal rules adopted by group companies to allow international transfers of personal data to entities within the same corporate group located in countries which do not provide an adequate level of protection.

Significant automated decision-making

Like many businesses we use business rules on financial and other information in order to detect and prevent fraud. When used, these may identify a risk and, as a result, a particular transaction may not be processed.

What rights do I have?

Withdrawing consent 

Wherever we rely on your consent, you will always and at any time be able to withdraw that consent with effect for the future. We will continue to process your personal data for other purposes on a different lawful basis (other than consent) where that applies.

Objecting to data processing including direct

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is conducted on the legitimate interest basis or which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, including profiling based on those provisions. In such case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms or that the processing serves the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have an absolute right to opt-out of direct marketing, and any profiling we carry out for direct marketing, at any time and without any limitation. You can do this by clicking on the ‘unsubscribe/opt out’ link located in the footer of every marketing email or text or by contacting us. Where you objected to our processing for direct marketing purposes, we will no longer process your personal data for such purposes.

Where you have a relationship with another organisation, such as a social media platform like Facebook, we may ask them to send marketing to you, subject to your consent. If you object to receiving marketing from us, we will stop marketing to you. However, please contact the organisation directly if you want to withdraw your consent to such organisation marketing to you.

Other qualified rights

  • You have the right to know whether or not we process information about you and to access that information.
  • You have the right to update, correct and complete any information we hold about you which is inaccurate or incomplete.
  • You have the right to obtain the personal data you provide to us for a contract or with your consent in a commonly used, structured, and machine-readable format, and to ask us to share (port) this personal data to another controller.
  • You have the right to ask that we erase or restrict (stop active) processing of your personal data.

These rights may be limited, for example if fulfilling your request would reveal personal data about another person or you ask us to erase information which we are required by law to Relevant exemptions are also included within the data protection laws that apply in the UK and Ireland. We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, you can get in touch with us using the Contact Us page

If you have concerns, you have the right to lodge a complaint with any data protection supervisory authority, in particular, the one of the country in which you are resident, work or in which your complaint arises. For the contact details of the Information Commissioner in the UK see ico.org.uk, for Information Commissioner in the Isle of Man see inforights.im and for the Office of Information Commissioner in Jersey see oicjersey.org . Details of all EU supervisory authorities can be found here

How long will you retain my personal data?

We keep your data to enable us to fulfil our contract with you or to provide services, where required by law, to respond to a question or complaint, to obey rules about keeping records, to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or our legitimate interests. Where we process personal data on the basis of your consent, we will retain it only for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes.

The period for which we will retain your personal data depends on the purposes for which we are processing it and where the same personal data is processed for two or more purposes, we will retain it for the longest period. For example, we retain:

  • for up to 36 months after it is resolved, any personal data we process in relation to queries, complaints or feedback;
  • until a period of 3 years has elapsed since your last interaction with us, personal data we process for marketing (including profiling) purposes, unless you ask us to stop sending electronic direct marketing, in which case we will act on your request, and then keep a record of your request indefinitely;
  • for up to 6 years in the UK, financial and transactional data for the purposes of insights and analytics; and
  • for up to 7 years in the UK, financial information for accounting, business reporting, analysis and audit purposes.

In any of the cases mentioned above, we may retain the personal data for longer, if it is required for the purposes of any internal or external investigation or litigation. In these cases, it may be retained until the matter is resolved. We may keep your data for longer in line with any limitation periods, or if we cannot delete it, e.g. for tax, legal or regulatory reasons.

You have the qualified right to request deletion of your personal data at any time, or we may choose or be obliged to erase your personal data earlier, for example, if we no longer need to process it.

Cookies and other similar technologies we use

Information about the first and third parties’ cookies and other technologies we use is available in our Cookie Notice

How do I get in touch with you?

Queries and exercise of rights

If you have any queries or want to exercise any of your rights please see the Contact Us page on our website.

We may update this privacy statement from time to time and recommend that you revisit it on occasion to see the latest version.

This statement was last updated in April 2021