Privacy Notices
To make it as easy and accessible as possible, we have split this privacy notice (referred to as the “Notice”) into 4 sections:
- Our general Notice, which describes our business, how we process our client’s data and how we often process personal information of those people who visit the Website (the “General Privacy Notice”).
- Our prospective candidate Notice, which is for any person who might work at Aztec, including prospective employees, contractors, secondees, students or interns (the “Privacy Notice for Candidates”).
- Our California website policy (the “California Website Privacy Policy”).
- Our cookies Notice, which provides an outline of the small programs that our website uses (the “Cookies Notice”).
General Privacy Notice
This Notice, which we will refer to in this section as this “Notice”, describes how the Aztec Group (“Aztec”, “we”, “us”, “our”) will make use of the personal data of our clients, including that sent via our website www.aztecgroup.co.uk (the “Website”)). It is important that you read this Notice together with any other privacy notices or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Notice supplements the other privacy notices and is not intended to override them.
We will update this Notice from time to time, as the nature of our business changes. If any changes have a material effect on how we process your information we will let you know.
2. The personal data we collect about you
We process personal data about you when you use the website:, this includes:
- Information you provide to us, for example, information you submit via forms on the Website and information you provide us if you contact us); and
- Website usage information (such as information about the device you use to access the Website, connection information (such as IP addresses), and information about your use of the website (such as the links that you click, how long you remain on the website, and any errors that may occur on the website)). We collect this information using cookies and other technologies as described in our Cookie Notice below.
- We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
Giving us this information is optional, but if you choose not to provide it, this might affect your ability to receive certain services or take part in certain activities where we need this information.
Where you are a prospective, current or former client of the Aztec Group or, where you are an owner, controller or personnel of our prospective, current or former client (referred to in this Notice as a “client”), we process personal data about you. This includes:
- Identifying information (e.g. information used to identify a specific individual or confirm they are a person, such as: given name(s), preferred name(s), nickname(s), date of birth/age, place of birth, nationality and passport details).
- Contact information (e.g. postal address, telephone number and email address).
- Family information (e.g. family structure, siblings, offspring, marriages, divorces and relationships).
- Financial information (e.g. source of wealth, personal assets, bank account numbers and income details).
- Professional information (e.g. job titles, employment history).
- Transaction information (e.g. details about payments to and from you and other details of products and services you have purchased from us).
- Marketing and Communications data includes your preferences in receiving marketing from us and your communication preferences.
Where you are a client, in certain circumstances we will also collect, use, store and transfer certain special category personal data about you. As part of our due diligence processes, we collect information about:
- your political opinions and affiliations, so that we can identify that you are, or are connected to, a politically exposed person; and
- your criminal records or alleged criminal activity.
Where we need to collect your personal data to comply with our legal obligations, or to perform a contract we have with you, this is mandatory and we will not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services) if we do not have this information. We may have to terminate the provisions of services if this information is not provided. Otherwise, provision of the requested personal data is optional, but not providing it may affect your ability to receive certain services or take part in certain activities where the information is needed for those purposes.
If you do have any concerns about the information you’re being asked to provide, then please contact our Data Protection Officer at dataprotection@aztecgroup.co.uk or our EU Representative at EURep@aztecgroup.eu.
3. Third party sources
Where you are a client, we may receive personal information about you in the followings forms and from the following sources:
- Identifying, contact and professional information from publicly available sources such as Companies House in the UK.
- Identifying, contact, professional and sensitive personal data from searches of electronic databases researched and maintained by professional service providers to help identify and manage financial, regulatory, and reputational risk, such as World-Check; and
- Identifying, contact, family, financial, professional, transaction and sensitive personal data from your other service providers and advisers including trust companies, fund administrators, accountants, tax advisers and lawyers.
4. How we use your personal data
We have set out below the reason we may use your personal data. We manage these processes carefully to ensure your information is only used where it is necessary, that it is only used in a secure and transparent way and that any inappropriate processing is identified quickly and ceased.
Website and individuals who may contact us
- for our or a third party’s legitimate interests (as listed below) as long as these interests are not overridden by your data protection rights:
- to provide the website and the functionalities on the Website;
- to handle and respond to queries, comments, complaints and other communications you send us;
- to maintain the security of the website and to detect, investigate, monitor, remediate and/or prevent security or cyber incidents;
- for system administration, operation, testing and support
- to protect and enforce the rights, property or safety of us, our business, our clients or others;
- to understand how visitors engage with the website and to monitor, improve and optimise the performance of the Website;
- to send you marketing information about our products and services that we think may be of interest
to you (except where we require consent for this); - in relation to the establishment, exercise or defence of legal claims; and
- for compliance, regulatory, audit and investigative purposes.
- with your consent:
- to send you direct marketing by email about our products and services that may be of interest to you; and
- when we use cookies or similar technologies for the purposes explained in our Cookie Notice below;
- where we are required by law to process your personal data.
Clients
- in order to fulfil a contract, or take steps linked to a contract where we have a contract with you and this includes:
- to deliver products and services to our clients; and
- to otherwise perform our obligations under our contract with you;
- where necessary for our or a third party’s legitimate interests (as listed below) and where these interests are not overridden by your data protection rights:
- to deliver products and services to the owners, controllers or personnel of our client where our client is not a natural person. If you are a director or shareholder (or equivalent) of an entity administered by us, this will include:
- entering your information on the relevant registers;
- using your contact details to send you notices of meetings and investor communications; and
- using your financial information (e.g. bank account details) to make payment of redemption or distribution monies or director’s fees and expenses.
- to manage our relationship with you which will include notifying you about changes to our terms or this Notice;
- to send you marketing information about our products and services that we think may be of interest to you (except where we require consent for this);
- for marketing and business development activities and analysis, including analysis to understand what products and services may be of interest to you, prospective clients and our current clients for direct marketing and advertising purposes;
- to monitor, record, store and share telephone, electronic and other means of communications (including Microsoft Teams recordings) with you or our clients:
- for delivery, quality assurance, training, business analysis and related purposes in order to deliver our services; and
- for investigation and fraud prevention purposes, for example dealing with complaints and potential criminal activity;
- to handle and respond to queries, comments, complaints and other communications you send us;
- to identify and manage financial, regulatory and reputational risk;
- to send you marketing information about our products and services that we think may be of interest to you (except where we require consent for this);
- to meet obligations and disclosure requirements or requests of any regulatory, prosecuting, tax or governmental authorities, courts or other tribunals as is deemed appropriate or in respect of any laws applicable in other jurisdictions;
- in order to protect and enforce the rights, property or safety of us, our business, our clients or others;
- for information security purposes (including to detect, investigate, monitor, remediate and/or prevent security or cyber incidents) and to detect and prevent fraud;
- in relation to the establishment, exercise or defence of legal claims; and
- for compliance, regulatory, audit and investigative purposes.
- for use in AI related systems – to generate insights into client feedback, identify possible improvements and ensure we can provide the best service possible.
- to deliver products and services to the owners, controllers or personnel of our client where our client is not a natural person. If you are a director or shareholder (or equivalent) of an entity administered by us, this will include:
- with your consent:
- to send you direct marketing by email about our products and services;
- when we use cookies or similar technologies for the purposes explained in our Cookie Notice below; and
- where we are required by law to process your personal data, including:
- to comply with legal requirements to conduct compliance activities such as audit and reporting, maintenance of accounting and tax records, identity verification, anti-money laundering (AML) checks, sanctions and anti-terrorism laws and regulations and fighting crime. These compliance activities also include ‘know your customer’ screening, politically exposed persons screening (which involves screening client records against external databases to establish connections to ‘politically exposed persons’ (PEPs) as part of client due diligence and onboarding and sanctions screening – these processing activities can involve the processing of sensitive personal data);
- to comply with international tax reporting requirements; and
- to make legally required disclosures to any regulatory, prosecuting, tax or governmental authorities, courts or other tribunals.
To the extent that any personal data processed contains special category data such as, for example: personal data relating to racial or ethnic origin, political opinion, religious or philosophical belief, trade union membership or criminal data then the processing of such data shall generally be for the purpose of complying with a right or duty imposed on us (or on any service provider appointed by us) by an enactment including, but not limited to, legislation and regulatory obligations relating to anti-money laundering and combatting the financing of terrorism and all other related legislation.
5. Disclosures of Your Personal Data
We share your personal data with the types of organisations set out below for the purposes set out in section 4:
Website users:
- Companies that place third party cookies (as explained in our Cookie Notice above); and
- Third party partners in relation to conferences to deliver and present industry know-how.
Clients:
- Other companies, employees, contractors and agents in the Aztec Group and who are based in Jersey, Guernsey, Luxembourg, the United Kingdom (the “UK”), the United States of America (The “USA”), and Republic of Ireland;
- Service providers based in Jersey, Guernsey, Luxembourg, the UK, the USA and Republic of Ireland who provide anti-money laundering screening services, client-facing application software, archiving services, business management software, telecommunications services, information technology services and marketing assistance;
- Professional advisers including lawyers, bankers, auditors and insurers based in Jersey, Guernsey, Luxembourg, the UK, the USA and the Republic of Ireland who provide consultancy, banking, legal, insurance and accounting services;
- Regulators and other authorities based in Jersey, Guernsey, Luxembourg, the UK, the USA and the Republic of Ireland who require reporting of processing activities in certain circumstances;
- Our client in connection with the products and services we provide and for the purposes of maintaining and managing our relationship with our client;
- Any third parties as required in order to establish, exercise or defend or to protect legal claims, including in relation to our contracts with our clients and in order to protect the rights, property or safety of us, our business, our clients or others, including to legal advisors, government and law enforcement authorities and with other parties involved in, or contemplating, legal proceedings;
- Competent regulatory, prosecuting, tax or governmental authorities, courts or other tribunals upon their request or as required by law; and
- Any third parties to the extent such disclosure is required under law or to enable products and services to be provided to our clients.
In all cases, we may share personal data with parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them and share personal data.
6. International Transfers
We may share your personal data within the Aztec Group and with third parties. This will involve transferring your data within the European Economic Area (“EEA”) and outside the EEA.
Whenever we transfer your personal data out of the EEA we ensure that is protected to an equivalent level – we do this in two primary ways:
- By transferring the information to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, UK, the Bailiwick of Jersey, or the Bailiwick of Guernsey.
- By using standard contractual clauses approved by a competent legislative/regulatory authority (as applicable), including the European Commission, the UK, Bailiwick of Jersey, or Bailiwick of Guernsey which give personal data the same protection it has in the EU, the UK, the Bailiwick of Jersey or the Bailiwick of Guernsey
7. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Recordings will be kept for as long as they are deemed up to date and useful to our services.
Where you are a website user, or you contact us, we keep personal data obtained from cookies and similar technologies for the periods set out in the Cookies Notice below.
Where you are a client:
- By law we are required to keep your personal data that we have collected for the purpose of discharging our money laundering obligations for at least 5 years from the end of the relevant client relationship.
- With regard to any of your information forming part of our tax records, those records are required to be kept for 6 years (10 years in Luxembourg) from the end of the year of assessment.
- With regard to other records maintained by the Aztec Group, unless they relate to AML or tax they are kept for: in Jersey, 10 years from the date of the record; in Guernsey and the UK, the duration of the relevant client relationship plus 6 years; in Luxembourg, the duration of the relevant client relationship plus 5 years; and in the Republic of Ireland, 6 years.
- Where we monitor and record calls and/or virtual meetings and electronic communications as explained in section 4 of this Notice, we keep the recordings for as long as is appropriate.
- Where we process personal data for marketing purposes we keep the personal data for as long as is appropriate for the marketing activities we carry out, unless you object to processing for direct marketing purposes, in which case we will stop processing the relevant personal data after having implemented your request. We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.
8. Your Legal Rights
You have rights under data protection laws in relation to your personal data.
- You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format; and to ask us to share (port) this data to another controller. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing purposes).
- The above rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in data protection laws. We will inform you of relevant exemptions we rely upon when responding to any request you make.
- Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to us processing your personal data, this will not affect any processing which has already taken place at that time.
- To exercise any of these rights, please either contact your client relationship manager (where you are a Client), our Data Protection Officer at dataprotection@aztecgroup.co.uk or our EU Representative can be contacted at eurep@aztecgroup.eu.
- You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
- You have the right to make a complaint in relation to data protection issues at any time to the Information Commissioner’s Office in the UK, the Data Protection Authority in Jersey the Data Protection Authority in Guernsey, the National Commission for Data Protection in Luxembourg or the Data Protection Commissioner in Republic of Ireland . We would, however, appreciate the chance to deal with your concerns before you approach one of these supervisory authorities so please contact us in the first instance using dataprotection@aztecgroup.co.uk. Our EU Representative can be contacted at eurep@aztecgroup.eu.
9. Contact Us
Should you have any queries or comments on this Notice or the processing of your personal data, please use the relevant contact on our contacts page.
Our Data Protection Officer can be contacted at dataprotection@aztecgroup.co.uk. Our EU Representative can be contacted at eurep@aztecgroup.eu.
Privacy Notice for Candidates
This Notice, which we will refer to in this section as this “Notice”, is addressed to prospective employees, workers, contractors, secondees, students, interns (“you”). It makes you aware of how and why your personal data will be used, namely for the purposes of recruitment (or other selection) exercises, and for how long it will usually be retained. See section 1 for information about who acts as a data controller of your personal data.
It is important that you read this notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This notice supplements the other privacy notices and is not intended to override them.
Any data that relates to you, or from which you can be identified, is known as “Personal Data”. It does not include data where the identity has been removed (anonymous data). The Aztec Group is the controller of that data and is therefore required to provide you with this Notice. Aztec respects your privacy and is committed to protecting your Personal Data. This Notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
1. Controller
Aztec is made up of different legal entities, details of which can be found on our contacts page. This notice is issued on behalf of the Aztec Group so when we mention “Aztec”, “we”, “us” or “our” in this notice, we are referring to the relevant entity in the Aztec Group that has collected your data.
That entity will be the controller of your data (the “Data Controller”) and be the party who determine the purpose for which your data is processed and how it is processed. “Processing” includes any operation or set of operations performed on personal data (e.g. collection, recording, organisation, structuring or storage).
2. The personal data we collect about you
We may process the following categories of personal data about you
- Identifying information (e.g. name(s), preferred name(s), nickname(s), date of birth / age, nationality, race, religion, languages spoken and gender).
- Contact information (e.g. postal address, telephone number, email address and social media profile details).
- Family information (e.g. marital status).
- Professional information (e.g. CV & reference information, interview content, selection process evaluations and/or results, professional memberships, names of current and former employers, education history and qualifications obtained or currently undertaking and “right to work” documentation).
- Communications information (e.g. information communicated in emails).
Special category data
As part of the data collected and stored, we may also use ’special category data’ which includes: data about your race or ethnicity, religious beliefs, sexual orientation and political opinions; health data (including any medical condition, health and sickness records); and information about criminal convictions and offences. In this Notice, we refer to these as ‘special category data’. Special category data requires higher levels of protection.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We do not need your consent if we use special category data in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
Information about criminal convictions
We may only use information relating to criminal convictions where the law allows us to do so.
We may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
If you fail to provide personal data
If you fail to provide certain data when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application.
3. Third party sources
Typically, we collect data from you directly; through the application and recruitment process.. Sources of data collection include: CVs, covering letters to applications, application form contents, information provided during interviews or other steps in a selection process, evaluation and/or test results.
We may sometimes collect your data (including identifying, contact, professional and special category data) from third parties including employment agencies, former employers, credit reference agencies or other background check agencies.
4. How we use your personal information
We will use your personal data in the following circumstances:
- Where we are required to do so by law.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
It is in our interests to appoint the best person for the job and, as such, it is in our interests to check your details and ensure we have the best candidate. This will involve processing any assessments you’ve been asked to take, shortlisting candidates and then interviewing and potentially employing you. If you do come and work at Aztec we’ll also carry out some pre-screening to verify references, check experiences etc.
Purposes for which Aztec will use your personal data
Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
---|---|---|
Recruitment and selection (assess skills, qualifications, suitability for the place or role) | (a) Identifying (b) Contact (c) Professional (d) Special category data (e.g. information about disability in order to consider appropriate adjustments during the recruitment process) | (i) Employment and social security fields (ii) Legal obligation (ii) Legitimate interests |
Background and reference checks | (a) Identifying (b) Contact (c) Professional (d) Special category data | (i) Legal obligation (ii) Legitimate interests |
Record-keeping relating to Aztec’s hiring processes | (a) Identifying (b) Contact (c) Professional (d) Special category data (e.g. information relating to equal opportunities and diversity) | (i) Legitimate interests (ii) Public interest |
5. Disclosures of Your Personal Data
We share your personal data with the following parties for the purposes set out in the table in paragraph 4 above.
- Other companies, employees, contractors and agents in the Aztec Group and who are based in Jersey, Guernsey, Luxembourg, the UK, the USA and Republic of Ireland;
- Disclosure and barring service providers (via pre-employment screening); and
- Regulators and other authorities based in Jersey, Guernsey, Luxembourg, the UK, the USA and Republic of Ireland who require reporting of processing activities in certain circumstances.
6. International Transfers
We may share your personal data within the Aztec Group. This will involve transferring your data within the European Economic Area (“EEA”), UK, Jersey and Guernsey and outside the EEA.
Whenever we transfer your personal data out of the EEA, UK, Jersey and Guernsey, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, UK, the Bailiwick of Jersey or the Bailiwick of Guernsey.
- Where we use certain service providers, we may use standard contractual clauses approved by a competent legislative/regulatory authority (as applicable), including the European Commission, the UK, Bailiwick of Jersey or Bailiwick of Guernsey (as applicable), which give personal data the same protection it has in the EU, the UK, the Bailiwick of Jersey or the Bailiwick of Guernsey (as applicable).
7. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We will retain your personal information for a period of six months after we have communicated to you our decision about whether to appoint you. We retain your personal information for that period so that we can make sure we’ve acted in a reasonable and non-discriminatory way and that if you have any concerns about the recruitment process, we can answer them as quickly as possible. After this period, we will securely destroy your personal information in accordance with our data years policy.
If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.
8. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine-readable format; and to ask us to share (port) this data to another controller. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing purposes).
The above rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in data protection laws. We will inform you of relevant exemptions we rely upon when responding to any request you make.
Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to us processing your personal data, this will not affect any processing which has already taken place at that time.
To exercise any of these rights, please contact our Data Protection Officer using dataprotection@aztecgroup.co.uk. Our EU Representative can be contacted at eurep@aztecgroup.eu.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
You have the right to make a complaint in relation to data protection issues at any time to the Information Commissioner’s Office in the UK, the Data Protection Authority in Jersey the Data Protection Authority in Guernsey, the National Commission for Data Protection in Luxembourg or the Data Protection Commissioner in Ireland. We would, however, appreciate the chance to deal with your concerns before you approach one of these supervisory authorities so please contact us in the first instance.
9. Contact Us
Should you have any queries or comments on this Notice or the processing of your personal data, please use the relevant contact on our contacts page
Our Data Protection Officer can be contacted at dataprotection@aztecgroup.co.uk. Our EU Representative can be contacted at eurep@aztecgroup.eu.
Helpful definitions when reading this document
Legitimate Interest means the interest of our business in conducting and managing our business. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of
erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
California Website Privacy Policy
This California website privacy policy supplements the General Privacy Policy with respect to specific rights granted under the California Consumer Privacy Act of 2018 (as amended, the “CCPA”) to natural person California residents and provides information regarding how such California residents can exercise their rights under the CCPA. This supplement is only relevant to you if you are a resident of California as determined in accordance with the CCPA. Information required to be disclosed to California residents under the CCPA regarding the collection of their personal information that is not set forth in this CCPA supplement is otherwise set forth in the web site Privacy Policy. To the extent there is any conflict with the privacy requirements under the U.S. Gramm-Leach-Bliley Act and/or Regulation S-P (“GLB Rights”), GLB Rights shall apply.
What does this policy apply to?
This policy applies solely to your interactions with us through our website. If you provide personal information to use through another means (as an employee, person seeking employment or as a client) you will receive a separate privacy notice and that notice will govern such personal information.
What information do we collect about website users, and how to we obtain such information?
We collect limited types of personal information through our website, as well as through other electronic communications such as emails, as applicable. The types of personal information we collect about you depends on the nature of your interaction with us. The categories of personal information we have collected from individuals on the website over the last twelve (12) months include the following:
- Identifiers, such as name, contact details and address (including physical address and email address) voluntarily provided by website users;
- Customer records, such as telephone number and personal information provided by Website users via our contact email address on the website; and
- Other information you provide to us when you correspond with us.
- We may combine personal information that you provide to us with information that we collect from or about you from publicly available sources. This will include information collected in an online or offline context.
How do we use your personal information?
We will use your personal information for one or more of the following business purposes:
- To perform services for you.
- To improve our Website and the products and services that we offer and notify you about changes to our products and services.
- To communicate with you, including responding to requests for information submitted by you through our website.
- To keep a record of your relationship with us.
- Ongoing operations, administrative, accounting, reporting, account maintenance and other processes.
- To audit and verify the quality and effectiveness of our services and compliance.
- To detect security incidents and to protect against malicious, deceptive, fraudulent, or illegal activity.
- To generally comply with U.S., state, local and non-U.S. laws, rules and regulations.
Additionally, we may use your personal information to keep you informed of our products and services, if you have provided your consent to us doing so, or where we have an existing relationship with you and we wish to contact you about products and services similar to those which we provide you, in which you may be interested. You may opt-in to marketing at any time, by contacting us and you may unsubscribe to receiving emails by clicking on the “opt-out” or “unsubscribe” link provided in all our marketing emails.
Who do we share your personal information with?
We do not sell any of the personal information we collect about you to third parties.
We do not disclose any non-public personal information about you to anyone, except as required by law, regulation or in response to regulatory inquiries.
How do we keep your personal information secure?
We consider the protection of sensitive information to be a sound business practice, and to that end we employ appropriate organizational, physical, technical and procedural safeguards, which seek to protect your personal information in our possession or under our control to the extent possible from unauthorized access and improper use.
Your rights under the CCPA:
Deletion Rights: You have the right to request that we delete any of your personal information that we retain, subject to certain statutory exceptions, including, but not limited to, our compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.
Disclosure and Access Rights: You have the right to request that we disclose to you certain information regarding our collection and use of personal information specific to you over the last twelve (12) months. Such information includes:
- the categories of personal information we collected about you;
- the categories of sources from which the personal information is collected;
- our business or commercial purpose for collecting such personal information;
- the categories of third parties with whom we share the personal information (as applicable);
- the specific pieces of personal information we have collected about you; and
- whether we disclosed your personal information to a third party, and, if so, the categories of personal information that each recipient obtained.
No Discrimination: We will not discriminate against you for exercising your rights under the CCPA, including by denying service, suggesting that you will receive, or charging, different rates for services, or suggesting that you will receive, or providing, a different level or quality of service to you.
How to Exercise Your Rights: To exercise any of your rights under the CCPA, or to access this Notice in an alternative format, please submit a request on your behalf using any of the methods set forth in the Contact us section below.
Contact us
For any requests relating to the exercise of your rights under the CCPA, or questions regarding our processing of your personal information, please let us know using the details below.
Email us at the following email address: dataprotection@aztecgroup.co.uk. Our EU Representative can be contacted at eurep@aztecgroup.eu.
If you would like to contact us by telephone without incurring telephone charges, please submit your request and telephone number by email at dataprotection@aztecgroup.co.uk, or our EU Representative can be contacted at eurep@aztecgroup.eu. We will call you between 9 a.m. and 6 p.m. Eastern Standard Time.
We will contact you to confirm receipt of your request under the CCPA and request any additional information necessary to verify your request. We verify requests by matching information provided in connection with your request to information contained in our records. Depending on the sensitivity of the request and the varying levels of risk in responding to such requests (for example, the risk of responding to fraudulent or malicious requests), we may request further information to verify your request. You may designate an authorized agent to make a request under the CCPA on your behalf, if you provide a signed agreement verifying such authorized agent’s authority to make requests on your behalf, and we may verify such authorized person’s identity using the procedures above.
Our goal is to respond to any verifiable consumer request within forty-five (45) days of our receipt of such request, but in certain cases, additional time might be required. Please contact our Data Protection Officer at dataprotection@aztecgroup.co.uk or our EU Representative at EURep@aztecgroup.eu with any questions about this California Website Privacy Policy.
Cookies Notice
Last updated: [March 2024]
The Aztec Group’s (“we”, “us”, “our”) Website found at aztec.group (the “Website”) uses cookies and similar technologies as described in our privacy policies.
You can see the relevant entities of Aztec on our Website.
A cookie is a very small text document, which often includes a unique identifier. Cookies are created when your browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website’s server. Find out more about the use of cookies on www.allaboutcookies.org.
We may also use other forms of technology from time to time (such as web beacons and, in apps, software development kits (usually referred to as SDKs)), which are similar to cookies, for the purposes set out in this Cookie Notice. When we talk about cookies in this Cookie Notice, this term includes these similar technologies.
If you would like more information about our privacy practices, please consult our Privacy Notice below.