Privacy Policy

This privacy notice describes how Azinzird (“Zinzir”, “we”, “us” or “our”) collects and uses Personal Data, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act and any other applicable data protection law in the United Kingdom (collectively “data protection law”).

Our role
Where we decide how and why Personal Data is processed, we are a Controller. This is generally the role under which we process Personal Data. 
Types of Personal Data
Given our role as facilitator of the Network, we may collect and process the following Personal Data of individuals at member firms: We may also collect and process the following Personal Data for our employees:  
In addition, we limit access to the Firm Portal to authorised representatives of member firms who are required to create a dedicated user account with secure login credentials. The Firm Portal User Terms and Conditions strictly prohibit the sharing of log in credentials.
Data transfers
We will share Personal Data with third parties where we are required by law, where it is necessary to administer our relationships between clients and Data Subjects, or where we have another legitimate interest in doing so.
As the Network is global, Personal Data may be transferred to member firms outside the European Union (EU) and to countries that do not have laws that provide specific protection for Personal Data.  All Personal Data will be provided with adequate protection and all transfers of Personal Data outside the EU are done lawfully. Where we transfer Personal Data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for Personal Data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.
We will also share Personal Data with third-party service providers.  For example, we use third parties to provide:  
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect Personal Data. We only permit our third-party service providers to process Personal Data for specified purposes and in accordance with our instructions.
Rights and responsibilities
A Data Subject’s duty to inform us of changes
It is important that the Personal Data we hold about is accurate and current.  On an annual basis we will use reasonable endeavours to contact Data Subjects to verify whether the information we hold about them is correct.  However, at any time, please notify us of any changes in your personal information of which we need to be made aware by contacting us, either through your usual contact or by using one of the means set out at the end of this privacy notice. 
A Data Subject’s rights in connection with Personal Data
Data Subjects may have certain rights under UK or EU law in relation to the Personal Data held by us about them. In particular, they may have a right to:  
Withdrawal of consent
Where we process Personal Data based on consent, individuals have a right to withdraw consent at any time. However, as noted above, we do not generally process Personal Data based on consent.
To withdraw consent to our processing of your Personal Data please email us at [email protected] or, to stop receiving an email from a marketing list, please click on the unsubscribe link in the relevant email received from us.
Contacting us to exercise a right
If any individual would like to exercise the above rights please contact us by sending an email or by one of the means set out at the end of this privacy notice. We may charge for a request to access details of Personal Data, if permitted by law. If a request is clearly unfounded, repetitive or excessive we may refuse to comply with that request.
Please note that it our policy not to provide copy documents if we are contacted by Data Subject seeking access to their Personal Data. We will comply with this request in another way, usually by providing a newly created document listing the information we are required to provide under data protection law.
We may need to request specific information from those individuals who contact us to help us confirm their identity and ensure their right to access their personal data (or to exercise any of their other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact an individual to ask them for further information in relation to their request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if a request is particularly complex. In this case, we will notify the individual concerned and keep them updated.
Data Subjects also have the right to make a complaint to the ICO, the UK supervisory authority for data protection issues. For further information on individual rights and how to complain to the ICO, please refer to the ICO website.