Privacy Policy - IP House

(How we use your personal information)

At IP House UK Holdings Ltd (referred to herein as ‘IP House UK’), we’re committed to protecting and respecting your privacy. This privacy notice explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure and your rights and choices in relation to your information.

We have a separate Privacy Notice for our employees available on request.

Who are we?

IP House UK is registered Company having our Registered Office at First Floor, 123 Aldersgate Street, London, EC1A 4JQ.

IP House UK takes the issue of security and data protection very seriously, including compliance with the UK General Data Protection Regulation, the UK Data Protection Act 2018 and the Privacy and Electronic Communications Regulations.

We are registered as a data controller with the Information Commissioner’s Office (‘ICO’) and our registered number is Z3593192.

How do we collect information from you?

We obtain information about you in the following ways:

Information you give us directly

We collect information from you:

when you purchase any of our services, when you make an enquiry via telephone or via our website, or otherwise provide us with your personal details;

from your arrangements to make payment to us;

during visits to our premises;

when you use our website, through the use of Cookies on our website;

when you enter information on our website or attend an online virtual meeting in platforms such as Zoom and Teams; and

from your use of any of our other online services, website, social media, etc.

Please note, we have a separate privacy policy for the data processed within our web applications, including Watchdog (privacy notice).

If you apply for a job with us, we collect information about you from your job application. If you are successful in joining our team, we will also collect information from you in relation to your employment. The personal data we use during your employment with us can be reviewed within our employee privacy notice.

We will also collect contact details from our business partners, suppliers and contractors when we begin our business relationship with you.

Information we receive regarding you indirectly

Your information may be shared with us by third parties, which might include subcontractors acting on our behalf who provide us with technical, payment or other services and our business partners;

we may collect your image and audio from our CCTV cameras which are located on our premises;

when you visit our website, we place Cookies on your device to run the website. For more information about Cookies and how we use them please see our Cookie Notice;

when you interact with us on social media platforms such as Facebook and Twitter, we may obtain information about you (for example, when you like or post on our Facebook page). The information we receive will depend on the privacy preferences you have set on those types of platforms. You should check any privacy policy / notice provided to you where you give your data to a third party, for example, when you post to our Facebook page;

during our investigation process, we may process personal data taken from publicly available sources and tools, provided by our clients who have requested our investigatory services, or using our investigatory resources; and

in order for us to carry out due-diligence or pre-employment checks when requested and where you have consented.

What type of information is collected from you? Why do we need it and how will it be used?

The personal information we collect, store and use, depends on your relationship with us. We may collect the following information about you:

If you are our customer, client, or subject of investigation:

Name

Address

Phone number

E-mail address

Other contact details as deemed appropriate

Payment information

Employment information

Online identifiers, such as social media profiles or IP addresses

Signature

Bank account details

CCTV imagery and audio

As an employee of the organisation that is our customer or client, we may use your personal data to contact you about the work we are doing for your organisation. This personal data will typically be limited to employee contact details such as name, business telephone number and email address, and job title.

Additionally, if you are a potential customer or client, and have expressed an interest in our services, we may contact you in relation to the services which you have requested information about, and in order to enter into a contract with you or your organisation.

Please note, we may also receive your personal information from our US-based operations in order to assist with investigations and provide our services.

We may use this personal information to:

to undertake and perform our obligations and duties to you in accordance with the terms of our contract/agreement either with you or another person

to enable us to supply you with the services and information which you have requested;

to analyse the information we collect so that we can administer, support and improve and develop our business and the services we offer;

to contact you and send you details of any changes to our services which might affect you;

to contact you for your views on our products and services;

for all other purposes consistent with the proper performance of our operations and business.

If you apply for a job with us:

your contact details, previous employment history and qualifications

we may collect details of ethnicity and disability – for equalities monitoring and so that we can make any appropriate adjustments to your workplace

we may collect references from third parties whose details you have provided

We require this information as part of our recruitment process. If your application is unsuccessful, we will keep your application for six months so that we can contact you if a similar job becomes available.

If you are a business contact, such as a supplier or contractor:

we may collect your business contact details such as your name, business address and business e-mail and your company’s bank account details. If you are a sole trader this may be your personal details.

We need these details in order to provide our services, run our business and pay or invoice suppliers and contractors.

If you are a potential business contact, proposing to offer services to us, we may process your personal data in relation to entering into a contract with you or your organisation.

When you visit our website:

If you allow the relevant Cookies, we may collect information about your activities on our website and about the device used to access it, for instance your IP address and geographical location. For more information, please see our Cookie Notice.

any other personal information shared with us via our website forms, such as our Contact Us page. We will use this information to help provide the services you have requested.

Links to other websites:

Our website may contain links to other websites run by other organisations. This privacy notice applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites even if you access those using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the privacy notice of that third party site.

When you visit our premises:

your image and audio may be captured by our CCTV cameras. Notices are available where the cameras are in operation.

CCTV is be used for security of our staff and customers and to assist with the prevention and detection of crime, or as evidence in a complaint.

If you do not wish to provide your personal data

You have obligations under your contract / potential contract with us to provide us with the necessary data. If you do not provide this information, this may prevent the Association’s ability to enter into or maintain a contract with you.

Who has access to your information?

The information you provide to us will be treated in accordance with data protection law. Depending on your type of contract or other business relationship with us, we may disclose your personal data to any of our employees, officers, contractors, insurers, professional advisors (including legal advisers and our Data Protection Officer), agents, suppliers or subcontractors, selected third parties, government agencies and regulators and healthcare providers for the purposes set out in this notice, or for purposes approved by you, including the following:

if we enter into a joint venture with, or merge with, another business entity,

if required by law, we will disclose your information to statutory bodies such as auditors or solicitors;

where processed under an investigation, the requesting client whom which we have a contractual agreement;

if we are conducting a survey of our products and/ or service, your information may be disclosed to third parties assisting in the compilation and analysis of the survey results;

we may pass your information to our third-party service providers, suppliers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example, Software providers and IT Technical services providers). This may also include sharing your personal data with our US-based operations. However, when we use these third parties, we disclose only the personal information that is necessary to deliver the services, and we have a contract in place that requires them to keep your information secure and prevents them from using it for their own direct marketing or any other purposes.

Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.

Lawful Processing

Data protection law requires us to rely on one or more lawful grounds to process your personal information. We may process your personal data under the following lawful basis:

Performance of a contract

Where we are entering into a contract with you or performing our obligations under it, such as processing your personal data as part of the services contract we have with you.

Consent

Where you have given your explicit consent for us to process your data, for example to receive marketing emails from us.

Legal obligation

Where necessary so that we can comply with a legal or regulatory obligation to which we are subject, for example where we are ordered by a court or regulatory authority like HMRC.

Vital Interests

Where it is necessary to use your data to protect your own, or someone else’s, life.

Legitimate interests

Where it is reasonably necessary to achieve our or others’ legitimate interests (as long as what the information is used for is fair and does not duly impact your rights).

We consider our legitimate interests to be:

protecting our staff and customers and assisting with the prevention and detection of crime through the use of CCTV recordings;

enhancing, modifying, personalising or otherwise improving our services / communications for the benefit of our customers;

better understanding how people interact with our website;

undertaking our core IP infringement investigatory activities;

sending you direct marketing by email or text, where you have previously shown an interest in our products or services, and where we have provided you with a choice to opt-out; and

contacting you in relation to applicant reference checks.

When we legitimately process your personal information in this way, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information where our interests are overridden by the impact on you, for example, where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).

Processing special category personal data

Special categories of personal data means information about your racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; health; sex life or sexual orientation; criminal convictions, offences or alleged offences; genetic data; or biometric data for the purposes of uniquely identifying you.

The special categories of personal information require higher levels of protection. We need to meet additional legal requirements for collecting, storing, and using this type of personal information.

Where we process your special category data, our legal basis for processing this will be one of the following:

(a) Explicit consent

(b) Employment, social security and social protection

(e) Made public by the data subject

(f) Legal claims or judicial acts

(g) Reasons of substantial public interest (with a basis in law) (includes equality of opportunity)

(h) Preventative and occupational medicine, provision of health and social care

(i) Public health (with a basis in law)

(j) Archiving, research, and statistics (with a basis in law)

How long is your information kept for?

We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, or as required by law (we may be legally required to hold some types of information), or as set out in any relevant contract we have with you. Our full retention schedule is available by contacting our Data Protection Lead. Contact Details are mentioned at the end of this privacy notice.

We review our retention periods on a regular basis.

Where do we keep your data? 

Your information will only be stored within the United Kingdom except where international transfers are authorised by law. For example, if you are a client, we may share your personal data with our US-based operations in order to provide the services you have contracted us for.

How do we keep your data safe?

When we are provided with personal data, we take steps to make sure that your personal information is kept secure and safe. All data is held in accordance with IP House UK’s data protection policies and procedures. Our various systems are password protected, with multi-factor authentication enforced, and all electronic data is stored securely, with encryption enabled during transit and at rest. Additionally, we utilise Microsoft 365 and its associated security features in order to protect your personal data, such as access management controls, data classification controls, and more. All paper files are kept in secure locked cabinets.

Keeping your information up to date

We take reasonable steps to ensure your information is accurate and up to date; however please help us keep our records updated by informing us of any changes to your email address and other contact details.

Your Rights

Under UK data protection law, you have certain rights over the personal information that we hold about you.

Right of access

You have a right to request access to the personal data that we hold about you and to request a copy of it, and we will provide you with this unless legal exceptions apply. If you want to access your information, please send a description of the information you would like to see to the contact details at the bottom of this privacy notice. We may ask for proof of your identity before proceeding with your request.

Right to have your inaccurate personal information corrected

You have the right to have inaccurate or incomplete information we hold about you corrected.

Right to restrict use

You have a right to ask us to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we’re not lawfully allowed to use it.

Right of erasure

You may ask us to delete some or all of your personal information and in certain cases, and subject to certain exceptions; we will do so as far as we are required to.

Right for your personal information to be portable

If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, for example, via you completing a form on our website, you may ask us to provide it to you or to another service provider in a machine-readable format.

Right to object

You have the right to object to processing where we are using your personal information (1) based on legitimate interests, (2) for direct marketing or (3) for statistical/research purposes.

If you want to exercise any of the above rights, please contact our Data Protection Lead at the details below. We may be required to ask for further information and/or evidence of identity. We will endeavour to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.

Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office.

Queries and Complaints

We seek to directly resolve any queries or complaints about how we handle information and would request that they be directed, in the first instance, to [email protected] or by telephoning 0207 553 7960.

Our Data Protection Officer is provided by RGDP LLP and can be contacted either via 0131 222 3239 or [email protected].

You also have the right to complain to the Information Commissioner’s Office in relation to our use of your information. The Information Commissioner’s contact details are noted below:

Telephone: 0303 123 1113 

Online: https://ico.org.uk/make-a-complaint/

Changes to this privacy notice

Any changes we may make to this Privacy Notice in the future will be posted on this website so please check this page occasionally to ensure that you’re happy with any changes. If we make any significant changes to the way we process your personal data, we’ll make this clear on this website.

This Privacy Notice was last updated on 20/01/2025.