AC CHAPTER ONE PRIVACY POLICY

In this policy AC Chapter One Limited whose registered office and principal office is at 2nd Floor, 22 James Street, Covent Garden, London WC2E 8NS (“ACCO” or “we”) inform you about how we collect, use and disclose personal data from and about you, through this website www.acchapterone.com and any of our associated mobile sites, apps, interactive services such as Instagram and Twitter (“ACCO Services”). This Privacy Policy does not cover any applications you make to take part in any television programmes we produce and/or our recruitment processes as these are subject to separate privacy policies.

What and who this Privacy Policy covers?

AC Chapter One Limited is the data controller of the personal data (e.g. information that identifies a specific person, such as full name or email address) we collect from and about you through the ACCO Services. This Privacy Policy and our Cookie Policy applies to all users, including both those who use ACCO Services without being registered or having subscribed and those who have registered with or subscribed to a ACCO Service. ACCO Services are for a general audience, are not targeted at children, and do not knowingly collect personal data from children under 16 years of age.

What kind of personal data do we collect about you?

We might collect data from and about you when you (i) submit questions or material to us, (ii) register on this site or (iii) e-mail us.

ACCO may collect:

Registration data:
information you submit to register for a ACCO Service (if made available by ACCO), for example to create an account, post comments, receive a newsletter. This data may include, for example, name, surname, email address, gender, country, postcode and age.

Public data and posts:
comments or content that you post on ACCO Services (e.g. on ACCO’s Twitter or Instagram accounts) and personal data about you that accompanies those posts or content, which may include a name, username, comments, likes, status, profile information and picture. Public information and posts are always public, which means they are available to everyone and may be displayed in search results on external search engines.

Data from social media:
if you access or log-in to a ACCO Service through a social media service or connect a ACCO Service to a social media service, the data we collect may also include your user ID and/or user name associated with that social media service, any information or content you have permitted the social media service to share with us, such as your profile picture, email address or friends lists, and any personal data you have made public in connection with that social media service. When you access ACCO Services through social media services or when you connect a ACCO Service to social media services, you are authorizing ACCO to collect, store, and use such personal data and content in accordance with this Privacy Policy.

Information from Other Sources:
we may supplement the information we collect with information from other sources, such as publicly available information about your online and offline activity from social media services and commercially available sources.

Information from you:
if you supply us with your contact information or any other information as part of any customer support we provide you with or if you make a complaint or enquiry or provide other feedback to ACCO we will collect that too.

We do not collect:

Sensitive Information:
We ask that you do not send us, and you do not disclose, any sensitive personal data (such as national insurance numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background or trade union membership) on or through ACCO Services. We may need additional information in order to work together but we will ask for this specifically and additional care is taken in processing special category data.

Linked Services:
ACCO Services may also be linked to sites, including social media sites, operated by unaffiliated companies (such as broadcaster, distributor sites) and may carry advertisements or offer content, functionality, games, newsletters, contests or applications developed and maintained by unaffiliated companies. ACCO is not responsible for the privacy practices of unaffiliated companies, and once you leave ACCO Services or click an advertisement you should check the applicable privacy policy of the other service.

How do we use your personal data?

The main reason why we collect data about you is to provide you with ACCO Services and to allow you to interact with those services. In addition, with your prior consent, we can send you offers, promotions and marketing communications, also based on your personal preferences and habits.

We use the personal data we collect from and about you to:

a) provide ACCO Services and features to you;
b) measure, analyse and improve those ACCO Services and features;
c) improve your experience with both online and off-line ACCO Services by delivering content you may find relevant and interesting;
d) allow you to comment on content, and participate online;
e) provide you with customer support and to respond to inquiries;
f) protect the rights of ACCO and others. There may be situations where ACCO has a good faith belief that processing is necessary in order to: (i) protect, enforce, or defend the legal rights, privacy, safety, or property of ACCO, our ACCO affiliates or their employees, agents, contractors, licensors and suppliers (including enforcement of our agreements and our terms of use); (ii) protect the safety, privacy, and security of users of ACCO Services or members of the public; (iii) protect ACCO, as well as other third parties involved, such as ACCO suppliers, against fraud or for risk management purposes;
g) comply with applicable laws or legal process and/or respond to requests from public and government authorities;
h) complete a corporate transaction, such as a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of ACCO business, assets or stock (including in connection with any bankruptcy or similar proceedings). For example, if ACCO is involved in a merger or transfer of all or a material part of its business, ACCO may disclose and transfer your personal data to the party or parties involved in the transaction as part of that transaction;
i) allow social sharing functionality; if you log in with or connect a social media service account with ACCO Services, we may share your username, picture, and likes, as well as your activities and comments with other ACCO Services users and with your friends associated with your social media service. We may also share the same personal data with the social media service provider;
j) with your prior consent, send you (via email, SMS, telephone, chat and social media) offers, promotions and other marketing communications regarding ACCO Services, other services/products of ACCO and/or ACCO affiliates, such as contests or other promotions arranged together with a third party or ACCO affiliate that may be hosted on ACCO Services or on ACCO affiliate or third party’s service;
k) with your prior consent, send to you marketing communications customized to your interests and needs by means of the channels of communication set out under letter j) above.
l) We may use anonymised information or information that no longer identifies you personally, even indirectly (e.g. statistics) for any purpose or share it with third parties.

On what basis do we use your personal data

Your personal data is mainly collected in order to provide you with ACCO Services.

Your personal data is also necessarily collected to comply with legal obligations or to pursue the legitimate interests of ACCO. If you don’t provide the data we won’t be able to offer you ACCO Services. When your personal data is collected for marketing purposes, you have the option not to provide ACCO with your personal data.

We need this information to process your requests and we do not regard it as excessive. Other relevant details that you provide in relation to the services you receive from us may be added to your data, but anything not required will be deleted immediately. We will not ask for any irrelevant information. If your contact details change, please advise us and we will update our records accordingly. We do not carry out automated decision making or any type of automated profiling. We will always process your data in a fair and lawful way in accordance with article 5 and article 6 of the GDPR.

We regularly conduct data flows and a data inventory or data audit which looks at all aspects of the personal data that we process, including the legal basis for processing and any special requirements that the data needs. Any risk assessments (DPIAs) requirements are identified and completed paying particular attention to privacy risks associated with each processing activity: storage, collection, transmission, access and deletion.

We regularly complete Legitimate Interest Assessments to ensure that our marketing activities are considered, appropriate and are in accordance with all relevant legislation.

Who can access your personal data?

The security of your data is a priority for us. We have implemented adequate administrative, technical and physical measures designed to safeguard your personal data against loss, theft and unauthorised use, disclosure or modification.

We may share your personal data to the following categories of recipients located within the European Union or outside of the European Union in compliance with and within the limits of this policy:

a) third party service providers entrusted with processing activities and duly appointed as processors when required by applicable laws e.g. cloud service providers, other entities of the group, providers of services instrumental to or supporting ACCO Service including for companies that provide IT services, experts, consultants, lawyers and companies resulting from possible mergers, demergers, or other transformations;
b) ACCO affiliates (such as broadcasters and distributors) in their capacity as data controllers or data processors;
c) business partners after your prior consent, ACCO may share your personal data with business partners operating in the sectors named within that specific consent to permit them to send you marketing communications; and
d) competent authorities in order to comply with applicable laws and regulations.

How do we process your personal data?

We might share your personal data with: (i) service providers; (ii) our affiliated companies; and (iii) national authorities, when allowed by the applicable laws.

We process your personal data through both electronic and manual means. It is protected by adequate security measures, taking into account the state of art, the costs of implementation and the nature, scope, context and purpose of processing as well as the risk to the rights and freedoms of individuals. In particular, we use appropriate administrative, technical, personnel and physical measures to safeguard personal data of yours in ACCO’s possession against loss, theft and unauthorised use, disclosure or modification.

Is your personal data transferred abroad?

Your personal data might be transferred to other countries within or outside the European Economic Area. We always make sure that appropriate and suitable safeguards compliant with applicable laws are in place to protect your personal data. Your personal data may be transferred to other countries (including countries other than where you are based that have a different data protection regime than the one existing in the country where you are based). If you are located in the European Economic Area (EEA), this may include countries outside of the EEA and in particular the United States. We have adopted appropriate safeguards to protect your personal data regardless of where it resides.

What are your rights with regard to your personal data?

You have a number of rights with regard to your personal data and these include the right to access, complete, update, amend and delete your personal data.

You have the right to:
a) obtain confirmation as to whether or not your personal data exists and to be informed of its content and source, verify its accuracy and request its rectification, update or amendment;
b) request the deletion, anonymisation or restriction of the processing of your personal data processed in breach of applicable law;
c) object to or request the limiting of the processing, in all cases, of your personal data for legitimate reasons;
d) receive an electronic copy of your personal data, if you would like to port the personal data, which you have provided to us, to yourself or to a different provider (data portability), when the personal data is processed by automatic means and the processing is either (i) based upon your consent or (ii) necessary for the provision of ACCO Service; and
e) lodge a complaint with the relevant data protection regulatory authority.

You may send your request to ACCO registered office (details above). In your request, please include your email address, name, address, and telephone number and specify clearly which information you would like to access, change, update, suppress, or delete.

We will need to confirm your identity and will only release your information when we know it’s you and if we legally have to. We will respond within one month once your identity is confirmed with the data that you have requested or will provide reasons why we cannot. We have up to three months for complex requests. You will not be charged for this unless it is deemed excessive or manifestly unfounded.

You will need to prove your identity with 2 pieces of approved identification which can be a: passport, driving licence, birth certificate, utility bill (from last 3 months), current vehicle registration document, bank statement (from last 3 months) or a rent book (from last 3 months). We will verify your identity, noting how and when we verified it, then we will immediately delete that data. We will send you a form which clarifies what information you are looking for and to verify your identity.

Remember that even after you cancel your registration (if applicable) or if you ask us to delete your personal data, copies of that information from your registration may remain viewable in some circumstances where, for example, you have shared information with social media or other services or, for example, when retention of copies is necessary to comply with legal obligation or legal defence. Because of the nature of caching technology, your registration may not be instantly inaccessible to others. We may also retain backups of your personal data on our servers for some time after cancellation or your request for deletion, to comply with applicable law.

Where your personal data is used for marketing purposes you may revoke your consent for:

• receiving electronic communications from us. If you no longer want to receive future marketing-related emails from us you may opt-out of receiving them by following the unsubscribe instructions in our communications or write to ACCO registered office (details above). If you do opt out of receiving further marketing communications ACCO may continue to send you administrative communications related to the provision of ACCO Services.

• our sharing of your personal information with ACCO affiliates or business partners for their marketing purposes. If you would prefer that we do not share your personal information in the future with ACCO affiliates and/or business partners for their direct marketing purposes, you may opt-out of this sharing by sending a request to ACCO registered office (details above). We will be specific in where your information will be shared and it will always be used for its original and related purpose.

Data Breaches

We have procedures in place to deal with any suspected personal data breach and will notify you and any supervisory body of a breach if we are legally required to.

Retention period applying to your personal data

The personal data we collect is retained only for the period necessary to fulfil the purposes for which that data is collected and at the end of such period your personal data will be either cancelled, anonymised or aggregated. We have a data retention schedule which details how long we keep each type of data for and details what happens to that data at the end of the data retention period.

Updates to this Privacy Policy

We may modify or update this Privacy Policy at any time in order to comply with applicable law. We will notify you of any changes.

How can I contact you with regard to the processing of my personal data?

You can contact us at the following email informationofficer@acchapterone.com

Comments and Complaints

If you have any comments or concerns, we would love to hear from you at the above address.

If you have any concerns about how your data is being used or processed and we have not been able to help you, then you can contact the ICO. Ways to report concerns are detailed on their website: https://ico.org.uk/concerns/

Cookie Policy

Our website uses the host Squarespace. AC Chapter One does not use any analytics and only uses functional and required cookies as detailed in their cookie policy:

https://support.squarespace.com/hc/en-us/articles/360001264507#toc-functional-and-required-cookies

Name:
Purpose, type, and duration

_acloggedin
• Supports login by Scheduling client if the client has an account.
• Cookie
• January 1, 2025

_client_acloggedin
• Supports login by Scheduling client if the client has an account.
• Cookie
• January 1, 2025

algoliasearch-client-js
• Adds auto-populated suggestions to address fields in Scheduling to help clients complete forms faster.
• localstorage
• Persistent

CART
• Shows when a visitor adds a product to their cart
• Cookie
• 2 weeks

CHECKOUT_WEBSITE
• Identifies the correct site for checkout when Checkout on Your Domain is disabled.
• Cookie
• Session

client_username
• Remembers a logged in Scheduling client's username between visits
• Cookie
• 1 year

Commerce-checkout-state
• Stores state of checkout while the visitor is completing their order in PayPal
• sessionstorage
• Session

Crumb
• Prevents cross-site request forgery (CSRF).
• Cookie
• Session

hasCart

• Tells Squarespace that the visitor has a cart
• Cookie
• 2 weeks

Locked
• Prevents the password-protected screen from displaying if a visitor enters the correct site-wide password.
• Cookie
• Session

PHPSESSID
• Securely authenticates a visitor during their checkout in Scheduling.
• Cookie
• 1 month

RecentRedirect
• Prevents redirect loops if a site has custom URL redirects. Redirect loops are bad for SEO.
• Cookie
• 30 minutes

remember_client
• Remembers Scheduling client’s login details if they have an account.
• Cookie
• 365 days

siteUserCrumb
• Prevents cross-site request forgery (CSRF) for logged in site users.
• Cookie
• 3 years

SiteUserInfo
• Identifies a visitor who logs into a customer account
• Cookie
• 3 years

SiteUserSecureAuthToken
• Authenticates a visitor who logs into a customer account
• Cookie
• 3 years

squarespace-announcement-bar
• Prevents the announcement bar from displaying if a visitor dismisses it
• localstorage
• Persistent

squarespace-likes
• Shows when you've already "liked" a blog post.
• localstorage
• Persistent

squarespace-popup-overlay
• Prevents the promotional pop-up from displaying if a visitor dismisses it
• localstorage
• Persistent

ss_cookieAllowed
• Remembers if a visitor agreed to placing analytics cookies on their browser if a site is restricting the placement of cookies
• Cookie
• 30 days

ss_sd
• Ensures that visitors on the Squarespace 5 platform remain authenticated during their sessions.
• Cookie
• Session

Test
• Investigates if the browser supports cookies and prevents errors.
• Cookie
• Session

TZ
• Allows a Scheduling client’s appointments to display correctly based on their time zone preferences.
• localstorage
• Persistent

Cross-site request forgery (CSRF)

CSRF is an attack vector that tricks a browser into taking unwanted action in an application when someone’s logged in.

To find out more about cookies, including how to see what cookies have been set and how to disable them, please visit www.aboutcookies.org or www.allaboutcookies.org.

Effective Date: May 2022