Blackpeak is a research, investigation and consulting firm that provides risk, due diligence, dispute support and business intelligence services to clients (corporates and individuals). As part of providing these services, we may gather information on clients and others and our clients may require us to collect information on individuals in order to fulfill their compliance obligations or for legitimate business purposes.
Where appropriate, we anonymise personal information collected. We carry out regular checks to ensure that we are not collecting and holding more personal information than is necessary.
Blackpeak values your privacy and cares about the way in which your personal information is treated.
This policy describes:
- What personal information we collect about you.
- How we obtain your personal information.
- How we use your personal information.
- On what basis we use your personal information.
- How long we keep your personal information.
- With whom we share your personal information.
- How we protect your personal information.
- How we process or transfer your personal information in or to different countries.
- Your rights regarding your personal information.
Blackpeak refers to Blackpeak (Holdings) Limited, and its operating and other subsidiaries.
What Personal Information Do We Collect About You?
We may collect personal information from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our services or as a result of your relationship with us, our employees or clients. The personal information that we process includes:
- Basic information, such as your name (including name prefix or title), the company for which you work, your title or position and your relationship to other people.
- Contact information, such as your postal address, email address and phone number(s).
- Financial and other information obtained from you.
- Technical information, such as information from your visits to our website or applications or in relation to materials and communications we send to you electronically.
- Information you provide to us for the purposes of attending meetings and events.
- Identification and background information provided by you or collected as part of our business acceptance processes.
- Personal information provided to us by or on behalf of our clients, or generated by us in the course or providing services to them, which may include special categories of data.
- Any other information relating to you which you may provide to us or which we obtain in the normal course of our business.
How We Obtain Your Personal Information
- We collect information from you as part of our business acceptance processes and about you and others, as necessary, in the course of providing research, consulting, investigation and related services.
- In the course of our research we may use public, media, government or regulatory databases and other avenues to obtain information on the subjects of our work.
- We collect personal information while monitoring our technology tools and services, including our websites and email communications sent to and from Blackpeak.
- We gather information about you when you provide it to us, or when you interact with us directly.
- We may collect or receive information about individuals from other sources, including human sources and social media sites, as part of our normal business research work.
How We Use Your Personal Information
Blackpeak collects and processes personal information about you in a number of ways, including through your use of our website and in the provision of services by us. We use that information:
- To provide and improve our website, including auditing and monitoring its use.
- To provide and improve our services to you and to our clients, including handling the personal information of others on behalf of our clients.
- To provide information requested by you or by our clients as part of our ordinary research and consulting business.
- To promote our services, including sending business updates, publications and details of events.
- To manage and administer our relationship with you and our clients.
- To fulfill our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims.
- For the purposes of recruitment.
Use of Blackpeak Website
A number of facilities on our website invite you to provide us with personal information, such as the vacancy application facility in the ‘Careers’ section of our website, our email queries facilities and the newsletter subscription application facility. The purpose of these facilities is apparent at the point when you provide your personal information and we only use that information for those purposes.
Our website uses Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing small text files called ‘cookies’ on your device. When you visit our website, you will be asked for permission for us and for third-party analytics to utilize such cookies.
The information that the cookies collect, such as the number of visitors to the site, the pages visited and the length of time spent on the site, is aggregated and therefore anonymous. User-level and event-level data collected by Google Analytics and associated with cookies are kept for 26 months, after which they will be permanently deleted, unless the user initiates a new session on the website.
Marketing and Other Emails
We collect personal information, such as name, email address, company, phone number and geographic location from emails and business cards and store them in our customer relationship management (CRM) software. We use information saved in our CRM to track business relationships and assess the strength of these relationships based on frequency of contact. We use that information in order to assess, analyse and improve the services that we provide.
We also use personal information from the CRM to send marketing communications by email. We use a one-pixel image which is be embedded in the footer of the campaign to track the open and read activities of the email, as well as the links the recipient has clicked. The email footer also includes an unsubscribe link, which you can click to remove yourself from the emailing list. If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by replying to the email or by clicking the unsubscribe link in the email.
Data deleted from the CRM and from marketing communications will be moved into the recycle bin in encrypted form and deleted permanently after three months. Data saved on our CRM software are stored in our vendor servers in the USA and transferred or shared to our vendor as part of any request for technical support.
Meetings, Events and Seminars
We will collect and process personal information about you in relation to your attendance at our offices or at an event or seminar organised by Blackpeak or its business partners. We will only process and use special categories of personal information in order to cater for your needs and to meet any other legal or regulatory obligations we may have. We may share your information with our IT and other service providers or business partners involved in organising or hosting the relevant event.
Research, Consulting and Other Services
We collect, create, hold and use personal information in the course of, and in connection with, the services we provide to our clients. We will process identification and background information as part of our business acceptance, finance, administration and marketing processes, including anti-money laundering, conflict, reputational and financial checks. We will also process personal information provided to us by or on behalf of our clients for the purposes of the work we do for them. The information may be disclosed to third parties to the extent reasonably necessary in connection with that work.
On What Basis We Use Your Personal Information
We use your personal information on the following bases:
- To perform a contract, such as engaging with an individual to provide research, consulting or other services.
- For the establishment, exercise or defence of legal claims or proceedings.
- To comply with our legal and regulatory obligations.
- For legitimate business purposes.
How Long We Keep Your Personal Information
Your personal information will be retained in accordance with our data retention policy which provides for a data retention period of no longer than five years after you cease to be a client save where data may require to be retained for a longer period to meet legal and regulatory requirements, including limitation periods for taking legal action, or Blackpeak’s legitimate business requirements.
With Whom We Share Your Personal Information
We are an international research and consulting company and any information that you provide to us may be shared with and processed by any entity in the Blackpeak group of companies. You can see a list of our offices here.
We may also share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:
- Our professional advisers and auditors.
- Suppliers to whom we outsource certain support, research or record retrieval services.
- IT service providers to Blackpeak.
- Third parties engaged in the course of the services we provide to clients and with their prior consent.
- Third parties involved in hosting or organising events or seminars.
Where necessary, or for the reasons set out in this policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
How We Protect Your Personal Information
We use a variety of technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws. In the event of any leak or breach of our data systems o information you have provided to us, we undertake to provide notification of such breach within 72 hours to the relevant data protection authority.
How We Process or Transfer Your Personal Information in or to Different Countries
In Singapore, we are governed by the Personal Data Protection Act 2012 (the “PDPA“). We will not disclose your personal information to any other person without first obtaining your consent for us to do so, unless any such disclosure is permitted under any of the statutory exemptions listed in the PDPA; for example, when the disclosure is required by law, or for any investigation.
We exercise the same duty of care and confidentiality to our other clients and hence are not under any obligation to disclose to you their personal information, unless given consent to do so.
We will do our best to protect your personal data within our control by putting in place reasonable security arrangements to prevent unauthorised access, use, disclosure or similar risks. However, we cannot be responsible for any unauthorised use of your personal data by external third parties as a result of circumstances beyond our control.
In the European Union, Blackpeak is a data controller, for the purposes of the EU General Data Protection Regulation (“GDPR“), in respect of personal data obtained from EU data subjects located in (or whose data resides in) the European Economic Area (the “EEA”). It may be necessary, in providing our services and for other legitimate business reasons, to transfer data outside the EEA, or from outside the EEA to a location within the EEA.
The level of protection for information to meet GDPR outside the EEA may be less than that offered within the EEA or for those countries on its EU Data Protection adequacy decision list. Where this is the case, we will implement effective legal remedies or obtain appropriate EU approved certifications so that EU individual rights are protected under the EU GDPR.
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. When so required by law, we will collect personal information only where we have your consent to do so.
Your Rights Regarding Your Personal Information
The European Union’s GDPR, Singapore’s PDPA and other applicable data protection laws provide certain rights for data subjects. We aim to provide best global practice across all of the jurisdictions in which we operate, although the level of protection offered by law varies from country to country.
You may request details of the information we hold about you and how we process it unless you are the subject of a specific business investigation carried out by us for normal business reasons on behalf of a client (save for any information you yourself have provided). You can ask to have information we hold on you rectified or deleted, to restrict our processing of that information, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organization, save in relation to information on you gathered or processed for normal business reasons on behalf of a client.
If you object to the processing of personal information you have provided, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the business purposes set out above or that you may not be able to make use of the services and products offered by us. Please note that, even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
If you wish to exercise any of these rights, please contact us by email. If you have unresolved concerns, you also have the right to complain to the data protection authority where you live, work or where you believe a breach may have occurred.
We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by emailing us.