Who are we?
We are the Bishop Group and we are made up of the companies Bishop IP Investigations Limited and Bishop International Limited.
We provide investigations services on behalf of our clients and these investigations can involve the processing of personal data of our clients, their employees, former employees and potential employees or anyone else that forms part of the investigation.
Which of our group companies is the data controller for your personal data will depend on the investigation services that we are carrying out (or that we are talking to you about if you are a prospective client):
- for services regarding Intellectual Property, Bishop IP Investigations Limited will be the data controller; and
- for all other services (such as corporate investigations and strategic intelligence), Bishop International Limited will be the data controller.
Throughout this policy, for ease of reference, when we refer to the “Bishop Group“, or “we“, “us” or “our”, we are referring to the entity that is the data controller for your personal data. In some instances, this might be both Bishop IP Investigations Limited and Bishop International Limited.
At the Bishop Group, we are committed to protecting and respecting your privacy, whilst striving to provide you with the very best service. We work very hard to keep your information safe and we want our services to be safe and enjoyable for everyone. We also recognise that it is important for you to understand how we use your personal information.
We have a legal duty to protect personal information that we collect under the Data Protection Act 2018 (the “DPA”) and the General Data Protection Regulation (EU) 2016/679, (the “GDPR”). For the purpose of the DPA and GDPR, we (the relevant Bishop Group entity) are the data controller (in other words, the organisation that determines how your personal information is used) and each Bishop Group entity may be contacted at 10 Bolt Court, 3rd Floor, London, EC4A 3DQ and by email to email@example.com.
This website is not intended for children and we do not knowingly collect or process data relating to children.
What personal data do we collect about you?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the ability to identity a person has been removed (anonymous data).
The personal data that we collect from or about you may include the following (depending on whether you are a client or potential client or whether we process your personal data as part of an investigation):
- Email address
- Telephone number
- Postal address
- Date of birth
- Marital status
- Any sanctions, judgments or proceedings brought against you (including criminal record data)
- Information relating to your personal finances and your economic interests (such as where you or a family member have an economic stake in an organisation)
- Current and historic job roles and employers including professional references and performance information
- Your immigration and right to work status
- Other information about you collected from background checks, references and referees including character references
- Information you post on your social media accounts (if publicly available)
- Any other information that you, or anyone else, give to us about you
- Any other personal information about you (or anyone else connected to you) that we process as a result of carrying out investigations for of our clients
- Technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, device types, operating system
- Information about your visit to our website, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed, searched for or purchased, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse the website
- Your social media handle/user name details if you engage with us on social media
How do we collect personal data about you?
We may collect personal data about you in a variety of ways which include:
- when you access our website
- when you ask us to provide you with services and use our services;
- when you contact us
- when you engage with us on social media (for example by mentioning/tagging us or by contacting us directly)
- when you give it to us in conversations with us or a third party appointed by us or in any data capture form that is provided to you as part of an investigation
- where someone else has given it to us. This may be from one of your colleagues, your nominated referees, or anyone else that we choose to speak to about you as part of an investigation
- from any other background checks that we may carry out about you
- from any other relevant business information that we review (such as performance review information)
- from public sources, where your personal data is publicly available
- any other sources that feed into an investigation
How do we use your personal data and what are our justifications for doing so?
|How and why we use your personal data||What is our legal justification for processing your personal data|
|To carry out our investigations on behalf of our clients, including (in some cases) the provision of a final report to our clients.||Sometimes we rely on our or our client’s legitimate interests to carry out our investigations on behalf of our clients and sometimes we rely on the consent of the person that we are talking to or about.
We may sometimes (depending on the type and scope of our investigation) also rely on the fact that our processing of your data is related to the detection and prevention of crime and as such, certain exemptions may be applicable to our processing of your data.
|To process client/potential client data to respond to queries about our services and to provide services to our clients.||We rely on our legitimate interests to respond to queries about our services and rely on performance of a contract where clients have engaged us to provide services.|
|We may use your personal data to tell you about relevant products/services and offers (“marketing”).||We will normally rely on our legitimate interests to market to our clients and potential clients, unless they are individuals, in which case we will rely on consent to send them marketing messages.
You can ask us to stop sending you marketing messages by contacting us at any time at firstname.lastname@example.org or by clicking ‘unsubscribe’ in our marketing message.
|To monitor the use of our website and ensure that it is presented in the most effective and relevant manner for you and your device.
|We have a legitimate interest to ensure that our website works properly and that our products and services are high quality and efficient.
|To detect, investigate, report, and seek to prevent financial crime or other illegal activity||In some cases we will use your personal data because it’s necessary for us to comply with a legal obligation (such as if we receive a legitimate request from a law enforcement agency).
In other cases (such as the detection of fraud or managing risk for our clients) we will rely on our legitimate interests as a business to use your personal data in this way.
|To manage risk for us and our clients|
|To fulfil our legal and compliance-related obligations|
|For administrative or business purposes, where you contact us for a particular reason other than those set out above, such as to report problems with our website.||We have a legitimate interest to respond to your contact for the purposes of administering our business.|
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How do we share your information?
In order for us to provide our services to you, we share your personal data with our trusted third-party service providers as detailed below. In order to provide our services, we may also need to share personal data within the Bishop Group.
To fulfil orders for products and services:
We work with a number of trusted service providers who carry out services on our behalf. When you purchase services from us, the services provided by these providers include the provision of specific information relevant to our clients’ requests. ]. It is in our legitimate interests as a business to work with these service providers since we may not have the capabilities to provide these services ourselves. In each case, we will ensure that the service provider is only allowed to use your personal data in order to provide the services to us and for no other purpose.
Other professional services:
We may need to disclose your personal data to our insurers where we believe that it is required under our contractual relationship with our insurance provider to do so.
We work with carefully selected third parties, such as our marketing agencies who assist us in providing you with a positive customer experience.
Sharing data to prevent crime and otherwise comply with laws:
There may be scenarios where we are subject to a legal obligation to disclose or share your personal data, such as with law enforcement agencies, regulatory bodies or public authorities in order to prevent or detect crime. We will only ever disclose your personal data to these third parties to the extent we are required to do so by law.
Where our group structure changes
We may also share your personal data if we choose to sell, transfer, or merge parts of our business and/or group, or our assets in the future. Or we may seek to acquire other businesses or merge with them. During any such process, we may share your data with other parties. We will only do this if they agree to keep your data safe and private. If a change to our group happens, then other parties may use your data in the same way as set out in this notice.
Where we transfer and store personal data
We may transfer your personal data outside of the UK and the European Economic Area (EEA) where local laws may not provide legal protection for your information in the same way as is applicable in the UK or the EEA.
Whenever we send (or permit a third party to send) your personal data outside of the UK and the EEA, we will make sure that we take steps necessary to protect your data as required by applicable laws. For example, we may require the overseas recipient to enter into particular contract terms.
Security of your personal information
We take the security of your information very seriously and have put physical, technical, operational and administrative strategies, controls and measures in place to help protect your personal information from unauthorised access, use or disclosure as required by law and in accordance with accepted good industry practice. We will always keep these under review to make sure that the measures we have implemented remain appropriate.
Retention of personal information
We will keep your personal information for limited and appropriate periods of time only and the applicable retention periods will always be linked to our purposes for processing your personal information. This means that the retention periods will vary according to the type of personal information being processed.
If you would like more information on our data retention practices, please contact email@example.com.
Your rights in your personal information
You have certain rights in respect of the personal information that we hold about you.
You have the right:
- to ask us not to use your personal data for direct marketing purposes;
- to ask to see what personal data we hold about you and to find out about the way that we process the data (and in some circumstances, you can ask us to provide a copy to a third party);
- to ask us to correct or update any personal data which is inaccurate;
- to ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for us to continue to use it;
- to ask us to temporarily stop using your data if you don’t believe that we have a right to use it, or to stop us from using your personal data where there is no good reason for us to continue to use it; and
- not to be subject to decisions made solely on the basis of ‘automated processing’ (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.
To exercise any of these rights, please contact firstname.lastname@example.org.
Changes to our policy
This policy was last updated on 13 January 2021
Contact and complaints