top of page

The Incremental Pathway Website Privacy Notice

 

We are committed to protecting and respecting your privacy. This notice sets out how we collect, use and protect your personal data, and how the law protects you.

​

Introduction

 

In this privacy notice “We”, “us” and “our” refer to Incremental Pathway Limited, incorporated in England (company number 16016957) with registered offices at 4a Hafer Road, London, England, SW11 1HF.

​

This page uses the term "info address" to refer to info@incrementalpathway.com.

​

This notice applies when you visit our website The Incremental Pathway and if you use our services.  It also applies if we identify you as a prospective customer, as someone who might be interested in what we have to offer, if you sign up to our updates, if you supply services to us or partner with us.  These are all situations where we are acting as a data controller with respect to your personal data, when we determine why and how your personal data is processed. 

​

Our website and services are not intended for children, and we do not knowingly collect data relating to children. We have a separate privacy notice that applies if you are applying to work with us that will be provided to you at the relevant time. Our website may contain links to and from the websites of our partners and other businesses.  If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for their privacy obligations.  Please check their privacy notices before you submit any personal data to these websites.

​

Any changes we make to our privacy notice in the future will be posted on this page. Please check back frequently to see any updates or changes.

​

Contact Details

 

​​

For any questions about this privacy notice, or to exercise your legal rights, you can contact us at our info email address (please see Introduction).

 

Types of Personal Data We Collect

 

Personal data means any information about an individual from which that person can be identified.  We may collect, use, store and transfer different kinds of personal data about you which we collect from various sources as described below:

​

  • Identity Data includes name(s), title, username(s), other identifiers such as passwords, marital or other status, date of birth, gender, role, the company you work for, and identification documents.

  • Contact Data includes email address, work details, work address, billing address, telephone numbers, LinkedIn or other url.

  • Background Check Data includes passport and/or driving licence, confirmation of address, date of birth, directorship and/or shareholder details, and any other data provided as part of checks carried out to comply with our regulatory obligations, including anti-money laundering and sanction checks. 

  • Financial Data includes bank account, payment card details, credit reference information, and invoice details relating to the purchase of our or your services.

  • Transaction Data includes details of payments made to and from you, purchase and account history and correspondence, and information relating to request or complaints.

  • Matter Data includes personal information provided to us by you or on your behalf, by or on behalf of counterparties, or generated by us in the course of providing our services, which may include special categories of data, call recordings, online meeting audio and video recordings, records of meetings, profile data such as your interests, preferences, feedback and survey responses.

  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, platform and other technology on the devices you use to access our website, and information used for security purposes.

  • Usage Data includes information about how you use our website, products and services, and email tracking data about whether you open, or click on links within our website or marketing-related emails.  

  • Marketing and Communications Data includes your preferences in receiving marketing communications from us and our third parties and your communication preferences.

​

We may also collect, use and share anonymised data and aggregated data such as statistical or demographic data for any purpose. Anonymised and aggregated data may be derived from your personal data but is not personal data if this data cannot directly or indirectly reveal your identity to us. For example, we may aggregate statistics to understand usage of our website and to help improve our services. 

​

How We Collect Your Personal Data

 

We use different methods to collect data from and about you, including through:

​

  • Your direct interactions with us. You may give us your personal data by engaging or corresponding with us in relation to the provision of our or your products or services, for example at industry events, by phone, email, post, filling in forms on our website, through feedback or other requests, by attending workshops or meetings with us (including online), or by posting to our LinkedIn and other social media pages.

​​

  • Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns, and Usage Data about how you interact with our website and other platforms, and whether you open or click on links within our marketing-related emails. We may collect this personal data by using cookies, pixels, server logs and other similar technologies. For further information see Cookies section below.

​​

  • Third parties or publicly available sources. We receive personal data about you from various third parties and public sources based inside and outside the UK, as set out below: 

    • Identity Data, Contact Data and Background Check Data from publicly availably sources such as Companies House, HM Land Registry, electoral registers, LinkedIn, Twitter, press articles and publications, personal blogs and other websites; 

    • Identity Data, Contact Data, Background Check Data and Financial Data from service providers, debt collection agencies and previous employers assisting us in carrying out ID, address verification and credit checks;

    • Identity Data, Contact Data and Matter Data from partners and suppliers working with us;

    • Identity Data, Contact Data and Marketing and Communications Data shared with us by lead generation, data brokers, and marketing and aggregator service providers; business networks; market research organizations; and search information providers;

    • Contact, Financial and Transaction Data from providers of technical, payment and delivery services;

    • Technical Data and Usage Data from analytics providers.

​​

How we use your personal data (Legal basis)

 

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

​

  • Where it is necessary for the performance of a contract with you or to take steps to enter into a contract with you.

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, to enable us to give you the best and most secure customer experience.

  • Where you have given your consent to the processing of your personal data for a particular purpose, for example if you subscribe to a promotional newsletter or agree to an online meeting or call being recorded.

  • Where we need to comply with a legal or regulatory obligation.​​

Purposes for Which We Use Your Personal Information

​​

The purposes for which we will process your personal information and the lawful basis of processing on which we rely are described below.

​

Purpose/Activity

To onboard you as a customer and carry out background checks

Type of Data:

  • Identity Data

  • Contact Data

  • Background Check Data (where applicable)

  • Financial Data

  • Marketing and Communications Data

Lawful Basis for Processing:

  • Performance of a contract with you.

  • Consent (to the extent special category or criminal convictions data is required, after providing all relevant information).

  • Necessary to comply with a legal obligation.

​

Purpose/Activity

To provide our services to you (including managing payments and handling the personal information of others on your behalf)

Type of Data:

  • Identity Data

  • Contact Data

  • Financial Data

  • Transaction Data

  • Matter Data

Lawful Basis for Processing:

  • Performance of a contract with you.

  • Consent (where required or for special category or criminal convictions data).

  • Necessary to comply with a legal obligation.

  • Necessary for our legitimate interests (to provide our services).

 

Purpose/Activity

To manage our relationship with you, including dealing with any queries and seeking feedback

Type of Data:

  • Identity Data

  • Contact Data

  • Financial Data

  • Transaction Data

  • Matter Data

  • Technical Data

Lawful Basis for Processing:

  • Performance of a contract with you.

  • Necessary to comply with a legal obligation.

  • Necessary for our legitimate interests (to keep our records updated, manage and improve services, run our business efficiently, recover amounts due, and protect legal rights).

 

Purpose/Activity

To administer and protect our business and website (e.g., troubleshooting, operational analysis, testing, system maintenance, support, reporting, and data hosting)

Type of Data:

  • Identity Data

  • Contact Data

  • Technical Data

  • Usage Data

Lawful Basis for Processing:

  • Necessary for our legitimate interests (running the business, provision of IT services, network security, fraud prevention, and business restructuring).

  • Necessary to comply with a legal obligation.

 

Purpose/Activity

To use data analytics to improve our website, marketing, products/services, customer relationships, and experiences; and to measure the effectiveness of our communications and marketing

Type of Data:

  • Technical Data

  • Usage Data

Lawful Basis for Processing:

  • Necessary for our legitimate interests (improving marketing materials, user experience, and informing marketing strategy).

  • Consent (for the setting of cookies).

 

Purpose/Activity

To deliver relevant website content and online advertisements to you and measure their effectiveness

Type of Data:

  • Identity Data

  • Contact Data

  • Transaction Data

  • Matter Data

  • Technical Data

  • Usage Data

  • Marketing and Communications Data

Lawful Basis for Processing:

  • Necessary for our legitimate interests (to understand customers, develop and market services, and inform marketing strategy).

  • Consent (e.g., for the setting of cookies).

 

Purpose/Activity

To send you relevant marketing, service communications, personalised suggestions, business updates, blogs, and invitations to events/webinars

Type of Data:

  • Identity Data

  • Contact Data

  • Transaction Data

  • Matter Data

  • Technical Data

  • Usage Data

  • Marketing and Communications Data

Lawful Basis for Processing:

  • Necessary for our legitimate interests (direct marketing to business customers and growing services).

  • Consent (if required).

 

Purpose/Activity

To follow up on sales leads, requests for information, third-party lead generation, market research, building a database of contacts/prospects, and informing marketing and sales activities

Type of Data:

  • Identity Data

  • Contact Data

  • Marketing and Communications Data

Lawful Basis for Processing:

  • Necessary for our legitimate interests (to qualify sales leads, make sales, grow the business, and study customer behaviour to improve services).

 

Purpose/Activity

To provide and manage our services and ensure the efficient running of our business

Type of Data:

  • Identity Data

  • Contact Data

  • Financial Data

  • Transaction Data

Lawful Basis for Processing:

  • Necessary for our legitimate interests (to manage services and ensure efficient business operations).

Direct Marketing​​

You may receive our communications, including legal and business updates, blogs and invitations to our events, if you have requested information from us, if you are a customer, if you have provided us with your details or if we have identified you as someone who may be interested in our services and you have not unsubscribed from our marketing communications.

​

You can unsubscribe from our marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing our info address (see Introduction) at any time. If you opt out of receiving marketing communications, you will still receive service-related communications for administrative or customer service purposes.

​​

Third-party marketing

We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.

​

Cookies

For information about the cookies we use and how to change your cookie preferences, please see our Cookies Notice on our website.

​

Who we share information with

 

We may share your personal data with carefully selected third parties for the purposes set out above, including:

  • our own consultants involved in providing services to you;

  • third parties involved or engaged in the course of the services we provide;

  • third party service providers such as AI, data hosting and IT support suppliers who we use to help manage our business and provide our services. Please email our info address (see Introduction) if you would like details of our service providers. 

  • insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims.

  • taxation authorities, regulators, law enforcement agencies and other authorities if required by such authorities or by due process of law.

  • third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.

 

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with agreed terms .

 

International transfers of your personal data

 

Your personal information will be processed by us in the UK and the European Economic Area (EEA).  Some of your personal data may be transferred, stored and/or processed outside of the UK and the EEA (including in the US) as our suppliers sometimes operate from outside of these jurisdictions. Whenever we transfer your data outside of the UK/EEA we ensure a similar degree of protection is afforded to it by utilising data transfer safeguards prescribed by data protection laws. Please email our info email address (see introduction) if you would like details of the appropriate safeguards.

 

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, consultants, contractors and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

​

Retaining and deleting personal data

​

We will retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any contractual, legal, regulatory, tax, accounting or reporting requirements, resolving disputes, and enforcing our agreements. 

Where we no longer need to process your personal data for the purposes set out in this privacy notice, we will delete your personal data from our systems unless we need to retain a limited amount of information to make sure that we act in accordance with your wishes.

Where permissible, we will delete your personal data on your request. Information on how to make a deletion request can be found in the section Your Rights below.

​

Please email our info address (see Introduction) if you would like details of our retention periods for different kinds of personal data.

 

 

Your Rights 

You have certain legal rights with respect to your personal information depending on which lawful basis we rely on, your location, and applicable laws.  You may exercise your rights at any time by contacting us at our info address (see Introduction).

 

Your rights if you are resident in the UK or the EEA

​

Right of access (Subject Access Request or SAR)

You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.

​

Right to rectification

You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Please keep us informed if your personal data changes during your relationship with us.

​

Right to erasure

You have the right to ask us to delete your personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with law.

​

Right to data portability

In certain circumstances, you have the right to have data we hold about you transferred to yourself or another data controller. Note, this right only applies to information that is processed by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you.

​

Right to restrict or object processing

You have the right to ask us to:

  • limit how we can use your personal information

  • not to process your personal data for direct marketing purposes

  • object, on grounds relating to your particular situation, to the processing of your personal data (including profiling) where we are relying on a legitimate interest.​

​​

Right to withdraw consent

The right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

​

Right to complain

The right to lodge a complaint with the UK Information Commissioners Office  or other data protection supervisory authority applicable to you if you are unhappy with the way we are handling your personal data.

​

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

​

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

How to complain

 

If you have any concerns about our use of your personal data, you can make a complaint to us using the info email addressing the Introduction. If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

​

TIP January 2025

bottom of page