Privacy and Cookie Policy

AlphaSights is responsible for the processing of your personal data as described in this Privacy Policy and acts as the controller of such personal data. The Privacy Policy does not apply to the extent we process personal data in the role of a processor or service provider on behalf of our clients, including where we facilitate the provision of specific output submitted by or derived from experts or clients’ engagements with experts, in each case at our clients’ sole request. In these specific circumstances, our clients act as the controller and each have in place separate privacy and data security practices which will apply. AlphaSights will however, support our clients as necessary to respond to any requests you have in respect of the processing of your personal data.

The contact details of AlphaSights Ltd and our Data Protection Officer are provided in Section 11 below.

1.1. UPDATES TO THIS PRIVACY & COOKIE POLICY

This Privacy & Cookie Policy may be updated periodically. We will update the date at the top of this Privacy & Cookie Policy accordingly and encourage you to check for changes to this Privacy & Cookie Policy, which will be available on our website. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Privacy & Cookie Policy, as required by applicable law.

1.2 THIRD-PARTY LINKS

Our website(s) may include links to or functionality from third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

“Personal data” means any personally identifiable information belonging to an identifiable natural person, including but not limited to, an identifier such as a name, an identification number, location data, an online identifier or factors specific to the physical, economic, cultural or social identity of that natural person, and for the avoidance of doubt includes the term “personal data” as defined in the GDPR and “personally identifiable information” as defined under the California Consumer Privacy Act.

2.1 CATEGORIES OF PERSONAL DATA COLLECTED

We may collect, create, use, store and otherwise process different categories of personal data depending on how you use and interact with our products, services and online channels. We have grouped these categories below as follows:

• Identifier Data, including first name, maiden name, last name, job title, company name and username and password.
• Contact Data, including your address(es), email address(es) and telephone number(s).
• Profile Data, including your CV, professional background, languages spoken, location and country of residence, relevant qualifications, career history and moves and any additional information, which may include special category personal data and sensitive personal information to the extent it is manifestly made public by you or you voluntarily choose to provide it to AlphaSights in connection with a particular project or service offering. See Section 4 below for the additional measures we have put in place when processing these special categories of personal data.
• Due Diligence Data, including data you make publicly available (e.g. via social media and networking platforms) where required to meet specific anti money laundering, counter terrorism financing and anti-bribery legislation or other regulatory requirements or where needed to research, filter and verify experts or to screen for potential conflicts of interest.
• Identity Data (only if you have consented to an identity verification check), including a copy of your governmental ID and a photo of your face that contains facial scan or “biometric” data. For more information on whether this applies to you see Section 4.
• Financial Data (if we need to pay you), including bank account details.
• Transaction Data, including interactions you may have had with us (e.g. parties entering and exiting our conference bridge, duration and time of interactions) and any expert/client feedback.
• Marketing and Communications Data, including your preferences in receiving marketing from us and third parties and your communication preferences.
• Technical Data, including internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website(s) and online services.
• Usage Data, including information about how you use our website, social media pages, apps, products and services, including the URL clickstream to, through and from our online channels (including date and time), products you viewed or searched for, the content (and any ads) that you view or interact with, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs or acceptance of our Terms of Engagement), and methods used to browse away from the page.

2.2 CIRCUMSTANCES WHEN WE MAY COLLECT YOUR PERSONAL DATA

We may collect such categories of personal data either directly from you or from third parties and publicly available sources. The table below sets out which categories of personal information are collected in which circumstances. From time to time, we may ask you to confirm the accuracy of the personal data we process about you.

Circumstance	Categories of Personal Data
(i) Where you interact with us directly
If you are employed by a client of AlphaSights and your information has been shared with us for the purposes of you using our products and services	Identifier Data and Contact Data
If you use and interact with our products, services and online channels including our website	Technical Data and Usage Data
If you communicate with us by post, phone, email, surveys or otherwise	Identifier Data, Contact Data, Profile Data, Transaction Data and Marketing and Communications Data
If you voluntarily submit certain information to us, for example during a call with our employees, by filling out a survey or by uploading information to our platform or one of our approved third party providers	Information you have provided as part of that request including Identifier Data, Contact Data, Profile Data, Identity Data and Finance Data.
If you sign up to an event or webinar	Identifier Data, Contact Data and Profile Data
If you request to be paid by AlphaSights	Financial Data
If you express an interest in obtaining additional information about our products, services or employment opportunities, or otherwise use our “Contact Us” page or similar features	Identifier Data, Contact Data, Profile Data and Marketing and Communications Data
If you are a supplier, contractor or service provider to AlphaSights (or work for a supplier or service provider)	Identifier Data, Contact Data and Financial Data
(ii) Where we collect information about you from other sources
If we identify you as a potentially relevant expert for a specific client project	Identifier Data, Contact Data, Profile Data and Due Diligence Data
If we need to conduct any vetting or verification processes in order to contract with you	Due Diligence Data
If you interact with our products and services	Technical Data from analytics, technology and hosting providers

2.3 AGGREGATING YOUR PERSONAL DATA

We aggregate your Usage Data with the information of other website visitors, experts and clients, creating a dataset of information about the usage of our online channels, our apps, products and services, and other general, grouped information about our user base. It provides a valuable insight into the use of our services and we will share it with select third parties. This dataset is aggregated and anonymised, meaning it cannot directly identify you as an individual and is not considered personal data.

2.4 WHEN AM I REQUIRED TO PROVIDE PERSONAL DATA?

You do not have to provide personal data to access our website. However, we may have a legal obligation to collect and process your personal data, or we may require your personal data in order to provide you with specific products and services, including accessing our Platform.

If you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you and/or the quality of the products and services we provide to you might be affected. In these circumstances, we may cancel a service you receive from us or stop proceeding with a contract we are trying to enter into with you, but we will notify you if this is the case at the time.

Please note that this does not apply to the collection of biometric data provided by experts for identity verification purposes. The provision of biometric data is voluntary and will not in any way impact our payment obligations to you. However, we may be unable to engage you in any further interactions with AlphaSights without first completing our identity check.

We rely on a number of lawful bases to process your personal data (including, where legally permissible, special categories of personal data).

Where we rely on legitimate interests we have carried out a balancing test to ensure:

1. The processing is lawful, proportionate and conducted in accordance with the terms of this Privacy & Cookies Policy;
2. We have a legitimate business need to perform the processing;
3. There is no material likelihood of any adverse impact on your interests, fundamental rights, or freedoms, as a result of the processing.

You can obtain information on any of our balancing tests by contacting us using the details in Section 11 below.

We collect and process your personal data for the following purposes and rely on the following lawful bases:

• Where we need to perform a contract we are about to enter into or have entered into with you. This includes:
  • Performing our contract with you for the provision of our products and services and sending you service-related communications;
  • Managing our client and user accounts, such as billing, providing client support and client relationship management;
  • Determining compensation for AlphaSights employees such as commission, by processing your Transaction Data;
  • Managing payments to the extent the processing of Financial Data is necessary to compensate our experts, pay our suppliers or collect payments from clients.

• Where it is necessary for our legitimate interests and we have assessed that your interests, rights and freedoms do not override those interests:
  • It is necessary for our legitimate interest in facilitating appropriate and legally compliant interactions between experts and our clients to process your personal data in order to:
    • research, filter, verify and monitor experts and to screen for potential conflicts of interest in order to assess and recommend an expert’s appropriateness for a particular client engagement and to meet applicable legal, regulatory and compliance requirements, including conducting proportionate searches relating to bankruptcy, political affiliation and criminal convictions;
    • conduct identity verification and other fraud detection activities.
  • It is necessary for our legitimate interest in providing online and offline content (including improving the user experience) to our clients, prospective clients, experts and other interested parties to process your personal data in order to:
    • monitor, maintain, develop and improve the performance of our sites, products and services and customer relationships;
    • analyse trends, usage and activities in connection with our products and services, and optimise our marketing efforts and measure the effectiveness of our advertising campaigns and to grow and inform our marketing strategy;
    • manage our own internal functions such as keeping our sites secure, (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), management and corporate reporting, internal research and analytics and to improve business efficacies;
    • create aggregate and statistical data (which cannot be used to identify you). For example, aggregate data may include data that describes the general demographics, usage or other characteristics of our site’s users.
  • It is necessary for our legitimate interest in complying with all legal, regulatory and compliance requirements to process your personal data in order to:
    • enforce compliance with our policies and procedures;
    • manage and provide all necessary assistance in respect of any legal claims or other compliance, regulatory, auditing, investigatory or disciplinary purposes (including disclosure of such information in connection with legal process or litigation).

• When you have expressly consented to us processing your personal data. This includes, where required under applicable law:
  • where you ask us to send marketing information via certain mediums, including by email. For more information about how to modify your preferences about marketing communications, please see Section 10.1;
  • where we record phone calls between clients and experts at the request of clients for compliance purposes;
  • where we place non-essential cookies or similar technologies on your device;
  • where, on other occasions we ask for your consent, for the purpose we explain at the time.

Where consent is relied on, you have the right to withdraw it at any time by contacting us. See Section 11 for our contact details.

• Where we need to comply with a legal or regulatory obligation. This includes:
  • in response to requests by government or law enforcement authorities conducting an investigation;
  • to comply with applicable reporting or other legal obligations.

Your personal data may be combined from the different sources identified in Section 2 for the purposes outlined above.

We do not conduct any automated decision-making using your personal data.

In certain situations we may need to process, or ask third parties to process on our behalf, your special category personal data. Special category personal data means information that can reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership as well as genetic or biometric data (if used to uniquely identify that person) and information concerning a person’s health, sex life, or sexual orientation.

Where we need to process special category data, data protection laws require us to meet one of the specific conditions in Article 9 of the GDPR. This includes where your personal data is manifestly made public by you, e.g. on the internet. We will also rely on your prior, explicit consent to process:

• Profile Data that you voluntarily share with us that falls within the definition of special category personal data, including personal data revealing your racial or ethnic origin and data concerning your health or sexual orientation, for the purposes of facilitating specific projects that fall within that scope;
• any facial scan data that is processed by an approved third party on our behalf to verify your identity.

Your consent is entirely voluntary and failure to provide consent will not prevent us from fulfilling our contractual obligations to you.

Cookies are small text files that are stored on your computer or mobile device. We use cookies on our online channels, including our website and platform, to collect information that helps us to remember your preferences and to improve your user experience.

We also use other forms of technology such as web beacons and embedded scripts which serve a similar purpose to cookies and which allow us to monitor and improve our sites and online services. We use these in connection with cookies to help operate our online channels and emails and collect information about online activity. When we talk about cookies in this Privacy & Cookies Policy, this term includes these similar technologies.

5.1 WHY DO WE USE COOKIES?

We use cookies for the following purposes:

• Necessary cookies: we use these cookies to enable you to move around our sites and to use their basic features, for example, to provide a secure login or to allow you to adjust your consent preferences. These cookies do not store any personal data. Because these cookies are essential to operate our online channels, there is no option to opt out of these cookies.
• Functional cookies: we use these cookies to help perform certain functionalities like sharing information using a social media sharing button or “like” button on our sites or apps, when you engage with our content on or through a social media site such as Facebook or Twitter, collecting feedback, and other third-party features.
• Analytics and measurement cookies: we use these cookies to analyse site usage so we can measure and improve performance and your browsing experience – for example, to make sure the website looks consistent, to gather statistics about its use and to know if you use certain functionality.
• Advertisement cookies: we use these cookies to allow third parties that serve ads on our behalf (including search engines and providers of measurement and analytics services) to provide you with customised ads based on the pages you visited previously, to ensure that you do not see the same ads repeatedly and to analyse the effectiveness of the ad campaigns.

5.2 HOW CAN YOU MANAGE COOKIES?

You will be informed when you access any of our online channels if non-essential cookies are present. Non-essential cookies will not be used until you have provided your consent using our Cookie Consent Tool.

Session cookies are used for your current browser session and will expire shortly after you close your browser (subject to compliance requirements). Persistent cookies are used to enhance your experience between website visits and will remain on your computer until you delete them or until they expire. You always have the ability to manually delete cookies.

If you are accessing an online channel where non-essential cookies are present, you can change your cookie preference and withdraw your consent at any time by navigating to the “Cookie Preferences” page.

You may also set your browser to block all cookies or to indicate when a cookie is being set, although our services may not function properly if your cookies are disabled. To find out how to control or disable cookies within most browsers, consult the “Help” section of your browser or device or visit www.aboutcookies.org.uk.

We will share your personal data with the third parties listed below for the purposes described in Section 3 above or otherwise with your consent:

Affiliates: AlphaSights is a global business, headquartered in the UK. The personal data collected by us in accordance with this Privacy & Cookie Policy may be used and shared amongst our group companies (acting on behalf of AlphaSights Ltd) to support the effective functioning of the AlphaSights Group business and the provision of its products and services.

Service Providers: When we employ a third-party to perform a function on our behalf, for example to provide software and services that support the operation and delivery of AlphaSights’ business and its products and services, we provide it with the personal data that it needs to perform its specific function. These companies are contractually authorised to use your personal data only as necessary to provide these products or services to us. We use service providers for the purposes of delivering our products and services, managing your accounts, hosting, IT, security, support, billing, surveys, facilitating and recording conference calls, business development, marketing, identity verification services and communications. We also share personal data with our accountants, auditors, lawyers and other outside professional advisors to AlphaSights, subject to binding contractual obligations of confidentiality.

Clients: We share Identifier Data, Contact Data, Due Diligence Data, Profile Data and Transaction Data relating to experts with our clients in connection with a particular project as further described in our Compliance Due Diligence Packs, Access Terms and Terms of Engagement.

Experts: We share Identifier Data relating to our clients with our experts in connection with a particular project as further described in our Compliance Due Diligence Packs and Access Terms.

Legal Requirements: We disclose personal data to government authorities, regulators or other third-parties if required to do so by law or in the good faith belief that such action is necessary to (a) comply with a subpoena, court order or similar legal obligation; (b) protect and defend our rights or property; (c) act in urgent circumstances to protect the personal safety of users of any website or the public; (d) protect against legal liability; (e) investigate fraud or other unlawful activity; or (f) as otherwise required or permitted by law.

Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganisation, dissolution or similar event, including in bankruptcy, your personal data may be part of the transferred assets. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

Third-Party Partners: with your consent, we may share your personal data (obtained through the use of cookies) with selected third-party partners for the purposes of servicing relevant adverts to you (see Section 5.1 above for more information).

Your personal data may be transferred to and stored by AlphaSights in the US. It may also be used and accessed by members of our group including in the US, Hong Kong, Dubai, China, Japan and South Korea and transferred to the third parties disclosed in Section 6 above who are internationally based. Accordingly, your personal data may be processed outside of your country or jurisdiction, including in locations that are not subject to an adequacy decision by the European Commission.

If we transfer your personal data outside of the UK or the EEA (within our Group or to third parties), we ensure that the recipient of your personal data has appropriate safeguards in place to protect your personal data. These are:

• there is a decision by the European Commission or other applicable data protection legislator or regulator, that the country to which the data is transferred provides an adequate level of data protection;
• in absence of such decision, our contracts with the relevant third parties include approved standard contractual data protection clauses or international data transfer agreements approved by the European Commission and the UK Information Commissioner’s Office; or
• there is an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or other applicable regulator or legislator.

We have put in place appropriate organisational, technical and physical security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They should only process your personal data on our instructions and are subject to a duty of confidentiality. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk. You are also responsible for protecting your password, limiting access to your devices and signing out of our online channels after your sessions.

We will only retain your personal data for as long as we believe necessary to fulfil the purposes we collected it for (see Section 3 above), including for the purposes of satisfying any legal, accounting, reporting or audit requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available by contacting us using the details in Section 11 below. Any Identity Data processed on AlphaSights’ behalf by our third party provider for the purposes of identity verification checks will be automatically deleted no later than 50 days after collection.

10.1 YOUR RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right:

To request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

To request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.

To request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), or where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

To object to processing of your personal data. This is where we are relying on a legitimate interest to process your personal data and there is something about your particular situation that makes you want to object to that processing. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data that override your objection.

To opt out of direct marketing. You have an absolute right to opt out of direct marketing or profiling we carry out for direct marketing at any time. You can do this by following the instructions in the communication or by contacting us using the details in Section 11 below. Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your account.

To request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

To request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to electronically held information which you originally provided to AlphaSights.

To withdraw consent. This occurs at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

All these rights may be limited by relevant exemptions under applicable data privacy laws. We will inform you of any relevant exemptions we rely upon when responding to any request you make.

10.2 HOW TO EXERCISE YOUR RIGHTS

To exercise your rights, please contact us using the information in Section 11 below. Your personal data may be processed in order for us to respond to your request.

10.3 NO FEE USUALLY REQUIRED

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we can refuse to comply with your request in these circumstances.

10.4 WHAT WE MAY NEED FROM YOU

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to someone who doesn’t have the right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

10.5 TIME LIMIT TO RESPOND

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We hope we can satisfy any queries you may have about the way we process your personal data. If you have any concerns or would like to exercise any of your rights, please use this form available on our website, contact our Data Protection Officer by email at dpo@alphasights.com or write to us at AlphaSights Ltd, Thames Court, 1 Queenhithe, London, EC4V 3DX, United Kingdom. To find the details of your local AlphaSights office please click here. If you are a California resident, you may also contact us at +1 (888) 369-1693 regarding your rights under the California Consumer Privacy Act.

We are committed to working with you to obtain a fair resolution of any complaint or concern about your privacy. If you have any unresolved concerns, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk), or to your local data protection authority.

If you are a California resident, you have specific rights in respect of the processing of your personal information under the California Consumer Privacy Act (as amended by the California Privacy Rights Act). See Section 11 about how to contact us to exercise any of these rights:

12.1 RIGHT TO KNOW

You have a right to be informed of the categories of personal information listed in the California Consumer Privacy Act that AlphaSights collects about you. These are:

1. Identifiers, including name, address, IP address, email address and driver’s licence number (to the extent you voluntarily choose to provide it in connection with an identity verification check);
2. Personal information categories in the California Customer Records statute, including name, signature, address, telephone number, driver’s licence (to the extent you voluntarily choose to provide it in connection with an identity verification check), education, employment history, bank account number (to the extent required to process payment) and medical information (to the extent voluntarily provided in connection with a specific project);
3. Characteristics of protected classifications under California or federal law to the extent you voluntarily choose to provide it to AlphaSights in connection with a particular project or service offering;
4. Commercial information, including records of products or services purchased or other purchasing histories or tendencies;
5. Biometric information to the extent you voluntarily choose to provide it in connection with an identity verification check;
6. Internet or other electronic network activity information, including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with an internet website or advertisement;
7. Geolocation data;
8. Audio information in the form of telephone recordings requested by clients for compliance purposes to the extent you voluntarily consent to being recorded;
9. Professional or employment-related information;
10. Inferences drawn from personal information to create a profile about a consumer reflecting their preferences, attitudes, abilities and aptitudes;
11. Sensitive personal information, to the extent you voluntarily consent to providing it or otherwise make it manifestly public, including:
    1. For the purposes of identity verification checks only, your driver’s licence or passport number and biometric facial scan data;
    2. For the purposes of a specific project or service offering only, your racial or ethnic origin, religious or philosophical beliefs or union membership, or personal information concerning your health or your sexual orientation;
    3. For the purposes of processing payment only, your financial information; and
    4. For the purposes of analysing user activity and ensuring compliance with specific legal and compliance requirements your precise geolocation.

Please see Section 2.1 above for more information on the specific types of personal information we may collect about you.

Please see the following sections above for information on:

• The sources from which this personal information is collected (Section 2.2);
• The purposes for which these categories of personal information are used (Section 3);
• The categories of third parties to whom the personal information is disclosed and the business or commercial purposes for doing so (Section 6);
• The length of time AlphaSights intends to retain the personal information (Section 9).

You also have the right to receive a copy of the specific personal information we hold about you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information.

12.2 RIGHT TO DELETE

You can request that AlphaSights deletes your personal information and tells our service providers to do the same, subject to certain exceptions (such as when we are legally required to keep the information).

12.3 RIGHT TO OPT OUT OF SELLING AND SHARING

AlphaSights does not sell your personal information. With your consent, we may share your personal information (in the form of your Usage Data and Technical Data) with third party partners for the purposes of servicing relevant adverts to you on our behalf (see Section 5.1 for more information). If you would like to opt-out of sharing your personal information for the purposes of cross-context behavioural advertising, please update your cookie preferences by navigating to the “Cookie Preferences” page on the website.

12.4 RIGHT TO CORRECT

You can request that AlphaSights corrects inaccurate information that we have about you. For more information see Section 10.1 above.

12.5 RIGHT TO LIMIT USE AND DISCLOSURE OF YOUR SENSITIVE PERSONAL INFORMATION

You can direct businesses to only use your sensitive personal information for limited purposes, such as providing you with the services you requested. In the limited circumstances where we collect your sensitive personal information, we always limit the use of that information to that which is necessary to provide you with the goods and services requested. We will not use or disclose your sensitive personal information for any other purpose.