INTRODUCTION

Amber Infrastructure Limited (“Amber”) is committed to protecting and respecting your privacy.

This policy (together with our Terms of Use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us or any other company in the Amber Infrastructure Group Limited group of companies (the “Amber Group”), what we will use it for and with whom we share it. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. Amber Infrastructure Limited is the primary data controller. Registered in England No 06818708 Registered Office: 3 More London Riverside, London SE1 2AQ Tel: 020 7939 0550.

Amber may change this policy from time to time by updating this page. You should check this page from time to time to ensure you are happy with any changes. This policy was last updated on 27 October 2021.

In this Policy the term “Data Protection Legislation” means all applicable legislation relating to privacy or data protection in force from time to time, including any statute or statutory provision which amends, extends, implements, consolidates or replaces the same, and in particular to the extent applicable and without limitation the EU General Data Protection Regulation 2016/679 (“GDPR”), the GDPR as it forms part of the domestic law of the United Kingdom by virtue of the European Union (Withdrawal) Act 2018 and the Data Protection Act 2018. The terms “personal data”, “controller", and “process” (and its derivatives) shall have the meanings given to them in the Data Protection Legislation.

COLLECTING YOUR PERSONAL INFORMATION

We may collect, record and use information about you in physical and electronic form and will hold, use and otherwise process it in accordance with the Data Protection Legislation and as set out in this policy in order to run and maintain our website, engage with you in connection with the provision or receipt of services, or for any other purpose as outlined below. We may collect or obtain such information because you give it to us (for example by filling in a form on our Website or by corresponding with us by phone, e-mail or otherwise), or because other people give that information to us on your behalf. It includes personal data you provide when you register on the Website for us to contact you, and when you report a problem with our Website.

If any information which you provide to us relates to a third party (such as a friend, spouse or other family member, or a third party beneficial owner), by providing us with their personal data you confirm that you have obtained any necessary permissions from such persons to the reasonable use of their personal data in accordance with the above provisions, or are otherwise permitted to give us this information.

The personal data we collect and process may include:

  • your name;
  • your contact information such as your email address and telephone number;
  • information you provide to us to confirm your identity and carry out background checks for our KYC (or “know your client”) purposes; such as your home address and contact details (including your mobile telephone number), your date of birth, passport details and any other information about you that you disclose to us during the KYC process;
  • information we obtain from third parties, such as information that we obtain when verifying details supplied by you. This information may include fraud prevention agencies and information which is collected from publicly available sources;
  • any other information about you that you disclose to us when registering your interest via the Website; and
  • your IP address, your browser type and language and other information about your visit to our website.

The personal data that we collect about you, particularly where applicable to the KYC process, may include special categories of personal data, such as information about your racial or ethnic origin or criminal or alleged criminal offences.

If you fail to provide us with your personal data, or you object to us processing such information, we may not be able to fulfil our agreement with you (such as to send you the information you requested) or we may be prevented from completing our KYC process.

Non-personal data regarding the use of this Website, such as the number of hits per page, is captured automatically. This information enables us to analyse the use of the Website and customer traffic, and is used to develop and improve our Website. Like most websites, we also use “cookies” to help us improve our Website’s use and speed. Cookies are small text files that websites transfer to your electronic device, and mean that a website will remember you. There are more details in our Cookie Policy.

We do not carry out automated decision-making or profiling in relation to your personal information.

USING YOUR PERSONAL INFORMATION

We, or another company in the Amber Group, may collect, hold and use information about you in the following ways and for the following purposes:

  • to manage and respond to any request you submit through our Website;
  • to provide you with the information, products and services that you request from us (for example to send you our press releases);
  • to confirm your identity and carry out background checks in order to complete our KYC process, including as part of our checks in relation to anti-money laundering, compliance screening and to prevent fraud and other crimes;
  • to comply with any requirement of applicable laws or regulations;
  • to contact you by telephone or email about products, developments or services that may be relevant to you, unless you indicate at any time that you do not wish us to do so;
  • for research purposes; 
  • to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
  • in the context of a sale or potential sale of a relevant part of our business, subject always to confidentiality obligations.

SHARING AND TRANSFERRING YOUR PERSONAL INFORMATION

Where you submit personal information on this Website, that information is disclosed to and used by Amber, the Amber Group and third parties authorised to act on our behalf or to provide services to Amber or the Amber Group to provide the information that you have requested and for the other purposes outlined in the Privacy Policy. All our employees and data processors, who have access to and are associated with the processing of personal data, are obliged to respect the confidentiality of your personal data.

We work with third parties to research certain usage and activities on our Website on our behalf. No personal information about you is shared, however in the course of conducting this research these third parties may place a unique ‘cookie’ on your browser.

Amber also reserves the right to disclose information relating to individuals in order to comply with applicable law, and legitimate government or other regulatory requests.

We will ensure that, if we share your information with third parties, any such disclosure complies at all times with Data Protection Legislation.

We will not generally transfer personal information about you in our possession to countries outside the European Economic Area (“EEA”) or to any country not deemed to provide adequate protection of personal data. If we, or our permitted third parties, do transfer your personal data outside the EEA in certain circumstances (for example because we have to provide such information by law), we or they will put in place appropriate safeguards to ensure that your personal data remains adequately protected.

LEGAL GROUNDS FOR USING YOUR PERSONAL INFORMATION

Data Protection Legislation requires us to inform you of the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful grounds:

  • you have explicitly agreed to us processing your information for a specific reason or purpose (for example when you register your details on our Website);
  • the processing is necessary for us to take steps to enter into an agreement with you;
  • the processing is necessary in order for us to comply with a legal or regulatory obligation to which we are subject; and/or
  • the processing is necessary for the purposes of a legitimate interest pursued by us, including to keep you informed about products, developments or services that may be relevant to you, to protect our business interests, to ensure that our internal processes are well-managed; to prevent fraud; or to evaluate, develop or improve our services.

We will make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will generally do so because you have given us your explicit consent to process that data.

Please note that in certain circumstances it may be still lawful for us to continue processing your information even where you have withdrawn your consent, if one of the other legal bases described above is applicable.

PROTECTING AND KEEPING YOUR PERSONAL INFORMATION

We will only keep the information we collect about you for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. We will normally delete your personal data after 7 years, but may retain your information for longer than this, provide it is permitted for a legal, regulatory or other legitimate business purpose. We will regularly review our files to check that information is accurate, up-to-date and still required.

All data is stored securely and security measures and procedures are in place relating to the storage and disclosure of information to prevent unauthorised access. However, although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure and we cannot guarantee the security of data transmitted to us or by us.

YOUR RIGHTS

At any time, you have the following rights in relation to your personal data:

  • to be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third party sources from it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences);
  • to request access to or a copy of any personal data which we hold about you;
  • to ask that we update the personal data we hold about you or correct such personal data that you think is incorrect or incomplete;
  • to ask us to delete your personal data, if you consider that we do not have the right to hold it;
  • to object to your personal data being processed in certain circumstances;
  • to request not to be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data;
  • to ask us to transfer a copy of your personal data to you or to another service provider or third party where technically feasible;
  • to withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent); and
  • to ask us to stop or start sending you marketing messages by using the below contact details.

We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change. We will correct any incorrect or incomplete information and will stop processing your personal data, or erase it, where there is no legal reason for us to continue to hold or use that information.

Any request for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will comply with our legal obligations as regards your rights as a data subject.

COOKIES

We work with third parties to research certain usage and activities on the Website on our behalf. In the course of conducting this research these third parties may place a unique ‘cookie’ on your browser. Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors to their sites. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website.

The Website uses Google Analytics (http://www.google.com/analytics/) for website analytics purposes – meaning that we use them to see how many visitors come to our website, the pages that generate interest and the links that visitors most often click on (amongst other things). In order to do this, Google Analytics uses cookies for website analytics purposes. You can opt-out of receiving Google Analytics cookies here.

In addition, we use two specific types of cookie on this Website:

  • Session cookies, which are temporary cookies that remain in the cookie file of your computer until you close your browser (at which point they are deleted).
  • Persistent or stored cookies that remain permanently on the cookie file of your computer. 

Name

Purpose

Duration

First/Third Party

Essential/Non-Essential

1P_JAR

Stores visitors’ preferences and personalizes ads on Google websites based on recent searches and interactions

1 Month

Third Party

Non-Essential

ASP.NET_SessionId

General purpose platform session cookie, used by sites written with Microsoft .NET based technologies. Usually used to maintain an anonymised user session by the server

Session

First Party

Essential

_ga

Google Analytics cookie – used to distinguish unique users by assigning a randomly generated number to them

2 years

Third Party

Non-Essential

_gid

 

Google Analytics cookie – used to throttle the request rate for this service; limiting the collection of data on high traffic sites

24 hours

Third Party

Non-Essential

_gat

This cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate - limiting the collection of data on high traffic sites. It expires after 10 minutes.

10 minutes

Third Party

Non-Essential

_gid

This cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited.

24hours

Third Party

Non-Essential

UMB_UCONTEXT

This cookie is set by websites using the Umbraco web content management system.

Stores a Guid reference to the current logged in user. Randomly generated at login and stored in the umbracoUserLogins database table, it allows you access the current user, without having to store any user specific data in the cookie.		  1 day  Third Party  Non-Essential

XSRF-TOKEN

This cookie is written to help with site security in preventing Cross-Site Request Forgery attacks.

 

Session

First Party

Essential

XSRF-V

This cookie is written to help with site security in preventing Cross-Site Request Forgery attacks.

 

Session

First Party

Essential

Amber-cookie

Custom cookie for tracking if cookies are accepted.

1 year

First Party

Essential

HOW TO MANAGE COOKIES

The web browsers of most computers are initially set up to accept cookies. If you prefer, you can set your web browser to disable cookies or to inform you when a website is attempting to add a cookie. You can also delete cookies that have previously been added to your computer’s cookie file.

You can set your browser to disable persistent cookies and/or session cookies but if you disable session cookies, although you will be able to view this Website’s unsecured pages, you may not be able to log onto any authenticated pages. Please visit http://www.allaboutcookies.org/manage-cookies/ to discover how to disable and delete cookies.

WEB BEACONS AND SPOTLIGHT TAGS

This Website may also contain electronic images, known as web beacons or spotlight tags. These enable us to count users who have visited certain pages on the website. Web beacons and spotlight tags are simply tools used to obtain generic information about the web pages visited.

YOUR QUERIES

If you have any queries regarding privacy issues or if you wish to raise a complaint about how we are using your personal data, then please write to us at Amber Infrastructure Limited, 3 More London Riverside, London, SE1 2AQ, email CIO@amberinfrastructure.com or telephone us on 0207 939 0550. To ensure that we carry out your instructions accurately, to help us continually improve our service and in the interests of security, we may monitor and/or record your telephone calls with us. All recordings are our sole property. Please see the Terms of Use for more details on the use of our Website.

If you do not wish us to contact you, you can unsubscribe at any time by writing to Amber Infrastructure Limited, 3 More London Riverside, London, SE1 2AQ requesting that you no longer wish to be contacted by Amber or any third parties authorised to act on our behalf.

If you have concerns about our use of your information, you also have the right to make a complaint to the Information Commissioner’s Office, which regulates and supervises the use of personal data in the UK.