This Privacy Notice describes how Landmark Public Affairs (“we”) handles, collects, protects and stores personal information connected with the services we provide when we are a data controller as defined in the EU General Data Protection Regulation (GDPR). This broadly means when we take decisions about which personal information to process and how.

This notice does not apply when we process personal information as a data processor as defined in the GDPR. This broadly means when we process information only on the basis of instructions from our clients. When this is the case, you should contact the client on whose behalf we are processing data, since they will either be the data controller or be able to tell you who the data controller is.

This notice also does not apply to the processing of personal information of our employees.

You can use the following links to jump to different sections of the notice.

1. 1. Our contact details
2. 2. When we collect personal information
3. 3. The type of information we hold
4. 4. Why we process personal data
5. 5. When we share personal data
6. 6. How we store your information
7. 7. Your data protection rights
8. 8. How to complain

1. Our contact details

Name: Landmark Public Affairs
(This is the trading name of Landmark Public Policy Advisers Europe Limited, a company registered in England with a Belgian branch.)

E-mail: dataprotection@landmarkpublicaffairs.com

2. When we collect personal information

We collect personal information:

• When you make an inquiry about our services or enter into an agreement for Landmark Public Affairs to provide services. This applies whether you are acting as an individual or on behalf of your employer or another company or organisation. In this case, you are likely to provide some personal information directly to us, and we may supplement this by obtaining additional information from a range of public sources, including subscription services, and/or from other people associated with you.
• When it is reasonable and necessary for us to use your personal information in order for us to provide services. In this case, you may provide some personal information to us directly or our clients provide us with some information about you, and it is likely we have obtained information about you from a range of public sources, including subscription services, and/or from other people associated with you. This includes, for example, personal information about elected representatives and public officials which is often available in online directories, and personal information provided, for example, by your colleagues or members of your staff.
• When you apply for a job with us. In this you are likely to have provided a lot of personal information as part of your application, and we may supplement this by obtaining additional information from a range of public sources, including subscription services, and/or from other people associated with you. This includes personal information which you may have made available on social media as well as personal and professional references and recommendations.
• When you attend an event which we have organised on behalf of a client or for our own purposes. In this case, you are likely to have provided the information directly to us, or to our client.
• When you provide us with personal information on contacting us, for example by speaking to our staff or complete a contact form at conferences, seminars or other events. In this case, you are likely to have provided the information directly, perhaps by exchanging business cards.
• When you visit our website if you also give your consent for us to use analytics cookies, which will provide us with anonymised personal information about your use of our website, your broad location (country) and the pages that you visited. Further information about cookies is in our cookies notice.

3. The type of information we hold

We currently collect and process the following types of information:

• Personal identifiers (for example, your name, the company or organisation you work for, your position)
• Contact details (for example, your e-mail address, telephone number)
• Professional views and positions, primarily views about public policy and recent events expressed in public, reported by the media or others, or disclosed in discussion with us (for example, in the case of elected representatives, this might include statements about particular policy options or legislative proposals, as well as the content of voting records and comments made in meetings).
• Payment information (for example, bank account details where we need these to make payments to you)
• Identity information (for example, copies of proofs of identity or other relevant documents which we might ask for before employing you or entering into a business relationship with you.
• Where you have given us your consent, anonymised personal data about your browsing on our website (the anonymised IP address which you are using, your approximate location, how you arrived on our website and which pages you browsed).
• Other personal information which you provide to us

The GDPR defines and prohibits the processing of “special category personal data”, except under one of several exemptions. This is sensitive personal data which reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership; as well as genetic data, biometric data which is processed for the purpose of uniquely identifying you; and also data concerning your sex life or sexual orientation.

The only special category data which we process are those about people’s political opinions. When we do so, we rely on the exemption in Article 9(2)(e) which allows us to process such data which is manifestly made public by the data subject. This reasonably includes publicly-available information about political affiliations, as well as equivalent information provided by you at events and meetings, for example. For the avoidance of doubt, we do not include within the term “political opinions” your views about public policy, including your views on policy responses such as proposals for legislation or regulation.

4. Why we process personal data

We process your personal information for one or more of the following reasons:

• To allow us to provide you or your company with services
• To allow you or your company to provide us with goods and/or services
• To perform services in the field of public affairs, government relations and strategic and corporate communications for our clients. These services involve the processing of data relating to elected representatives, public servants, citizens, and representatives of businesses and other organisations
• To invite you to events organised by us or our clients
• To communicate with former, current and prospective clients
• To carry out billing and administration
• If you are applying for a job with us, to allow us to assess your application and consider whether to offer you a job
• In the case of data gathered using analytics cookies, to allow us to make improvements to our website by understanding how many people are using it, and how they browse it

Under the GDPR, all processing of your personal information must have a “lawful basis”. The lawful bases we rely on for processing your personal data are:

We have a legitimate interest which is not overridden by your interests or fundamental rights. We have legitimate interests in the provision of public affairs, government relations and strategic and corporate communication services to our clients and in the administration of our relations with those clients. This is the basis we rely on for most processing of personal information connected with the content and administration of our services.

The processing is necessary for the performance of a contract with you, or prior to entering into a contract with you. This is basis we rely on for some processing of contact information and most processing of payment information.

We have a legal obligation. This is the basis we rely on for processing some personal information given our tax and other administrative obligations under UK and Belgian law.

When we collect data from analytics cookies, and in a few other exceptional circumstances, we use your consent as the basis for processing your personal information. This includes occasions when the law requires us to obtain your consent so we can send you marketing communications. Where we ask for your consent to process data, we do so in ways which ensure your consent is unambiguous, freely-given, specific and informed.

5. When we share personal data

We may share personal information to the extent that this is necessary to meet the purposes for which we collect the information. This means we may share some information with our clients (other than job applicant information). We may also share information with relevant suppliers who provide services on our behalf, including IT, banking, accounting and HR (payroll) services.

We may also sometimes be required to disclose information by law, for example in response to requests or orders from law enforcement, regulators or courts.

6. How we store your information

Information is stored securely in electronic form on our servers or cloud-based servers located in the European Union and in paper form as part of a filing system in our premises in the UK and Belgium. We take security measures to ensure that personal information is held securely, whether electronically or in paper form.

We usually keep personal information for the period of your, or the relevant client’s, contract with us, plus a further period which is based on the time after that during which legal claims may be made. We may be required by law to keep some information for longer (for example, tax or regulatory information). In the case of job applications, we retain the personal information of unsuccessful applicants only until our recruitment is complete.

We dispose of information by deleting all electronic records and disposing securely of all paper-based records.

We do not apply automated decision-making including profiling to the personal information we collect.

7. Your data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at the addresses above if you wish to make a request.

8. How to complain

You can also complain to the relevant Data Protection Authority (regulator) if you are unhappy with how we have used your data.

If you are in the European Union, the relevant Data Protection Authority for us is the Information Commissioner’s Office (ICO) in the United Kingdom. You can contact them at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113