Black Sun Global is an international stakeholder engagement agency that helps global brands drive change. At the forefront of corporate communications, we offer integrated solutions, covering strategy, reporting, ESG advisory and digital activation. Black Sun Global is the trading name of Black Sun Ltd.
Black Sun Ltd ("Black Sun", "we", "us", or "our") is strongly committed to protecting Personal Data. This notice describes why and how we collect and use Personal Data and provides information about individual's rights.
It applies to Personal Data provided to us, both by individuals themselves and by others. We may use Personal Data provided to us for any of the purposes described in this Privacy Notice or as otherwise stated at the point of collection.
Personal Data is any information relating to an identified or identifiable living person. Black Sun processes Personal Data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using Personal Data, our Notice is to be transparent about why and how we process Personal Data. To find out more about our specific processing activities, please go to the relevant sections of this notice.
We take the security of all the data we hold very seriously. We adhere to internationally recognised security standards and our information security management system relating to confidential data is independently certified as complying with the requirements of ISO/IEC 27001:2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
We will only collect and/or process your Personal Data in accordance with applicable data protection and privacy laws.
In most cases, we process your Personal Data for all the purposes identified below on the basis that it is in our legitimate interests (for example, to allow us to provide you with our services; to monitor, analyse and improve our services), or the legitimate interests of third parties with whom we share your data, to carry out these activities.
Some of our processing is necessary for compliance with legal obligations (for example, for security and fraud prevention).
Where we cannot rely on another legal basis (for example, in respect of the use of your Personal Data for email marketing purposes) we process this on the basis that we have obtained your consent to do so.
Visitors to our websites are generally in control of the Personal Data shared with us. We receive Personal Data, such as name, title, company address, email address, and telephone numbers, from website visitors; for example, when an individual subscribes to updates from us, registers for an event, or requests research materials. Visitors are also able to send an email to us through our website. Their messages will contain the user’s name and email address, as well as any additional information the user may wish to include in the message.
We use small text files called ‘cookies’ which are placed on your hard drive. The use of cookies is now standard operating procedure for most websites. However, if you are uncomfortable with the use of cookies, most browsers now permit users to opt-out of receiving them. You need to accept cookies to register on our websites. You may find other functionality in the website impaired if you disable cookies. After termination of the visit to our websites, you can always delete the cookie from your system if you wish. You can find out more details regarding our use of cookies in our Cookies policy.
When a visitor provides Personal Data to us, we will use it for the purposes for which it was provided to us as stated at point of collection (or as obvious from the context of the collection). Typically, Personal Data is collected to:
Our websites may contain links to third party websites and features. This Notice does not cover the privacy practices of such third parties. These third parties have their own privacy policies, and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any data to them. For example, we may link to social media pages through widgets, or we may provide links to industry reports.
Personal Data collected via our website will be retained by us for as long as it is necessary (e.g. for as long as we have a relationship with the relevant individual). Once the period above has concluded, we will either:
We have security measures in place at our offices, including sign in procedures and building access controls. We require visitors to our offices to sign in at reception and keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need-to-know basis (e.g. to investigate an incident). Once the period above has concluded, we will permanently destroy the relevant Personal Data.
Black Sun processes Personal Data about contacts (existing and potential Black Sun clients and/or individuals associated with them) using a customer relationship management system (the “Black Sun CRM”).
The collection of Personal Data about contacts and the addition of that Personal Data to the Black Sun CRM is initiated by a Black Sun user and will include name, employer name, contact title, phone, email and other business contact details. In addition, the Black Sun CRM may collect data from Black Sun email (sender name, recipient name, date and time) and calendar (organiser name, participant name, date and time of event) systems concerning interactions between Black Sun users and contacts or third parties.
Personal Data relating to business contacts may be visible to and used by Black Sun users to learn more about an account, client or opportunity they have an interest in, and may be used for the following purposes:
Black Sun does not sell or otherwise release Personal Data contained in the Black Sun CRM to third parties for the purpose of allowing them to market their products and services without consent from individuals to do so.
Personal Data will be retained on the Black Sun CRM for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a business contact). Once the period above has concluded, we will either:
We collect and process Personal Data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients.
We use Personal Data for the following purposes:
We retain the Personal Data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Personal Data may be held for longer periods where extended retention periods are required by law or regulation and to establish, exercise or defend our legal rights. Once the period above has concluded, we will either:
When applying online for jobs at Black Sun, any Personal Data provided by you to us will only be used to facilitate the transfer of information for recruitment purposes.
We usually collect Personal Data directly from you when you apply for a role with us, such as your name, address, contact information, work and educational history, achievements, desired salary expectations, and test results.
We use Personal Data for the following purposes:
We may also analyse your Personal Data to improve our recruitment and hiring process and augment our ability to attract successful candidates.
We process your Personal Data for the purposes described above when:
We retain job applications for a period of 12 months; however, we may desire to retain your personal data to consider you for future employment opportunities. In such an event, we will seek your consent, either prior to or after you formally apply for a job opportunity, to be part of one of our recruiting programmes. Once the period above has concluded, we will either:
If you submit your application for one of our roles, but subsequently wish to withdraw your application, please contact us at [email protected].
Third Parties Designated by You: We may share your Personal Data with third parties where you have provided your consent to do so.
Our Third-Party Service Providers: We may share your Personal Data with our third-party service providers who provide services such as data analysis, distribution partners, resellers, HR services, information technology and related infrastructure provision (such as Amazon Web Services), customer service, email delivery, auditing and other similar services. These third parties are only permitted to use your Personal Data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your Personal Data.
Corporate Restructuring: We may share Personal Data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
Other Disclosures: We may share Personal Data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Notice; and (d) to protect our rights, privacy, safety
or property, and/or that of you or others.
To provide you with the best possible service and to improve our offerings, we may share your personal data with other companies that form part of our corporate group. These companies are bound by the same privacy obligations and data protection standards outlined in this policy. The sharing of your data within the group is conducted to ensure consistency in service, enhance our products and services, and to carry out internal administrative functions.
International Data Transfer: We may be required to transfer your information, including Personal Data that we collect from you, outside the country in which you reside where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. To ensure that your Personal Data receives an adequate level of protection and is treated securely, we will put appropriate safeguards in place to protect the privacy and integrity of such Personal Data.
Individuals have certain rights over their Personal Data and data controllers are responsible for fulfilling these rights. Where we decide how and why Personal Data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
The right to be informed
This privacy notice is our way of informing you of your rights and of how we process information.
The right of access
You have the right to confirm whether we are processing your data, and the right to obtain a copy of the data that we hold, also known as a “Data Subject Access Request”.
To obtain this, you may contact us at [email protected].
The right to rectification
If any information we hold is inaccurate or incomplete, you have the right to have that information amended.
The right to erasure
You have the right to have your information deleted. We will endeavour to fulfil this without undue delay if
we are not obliged to keep the information to comply with any other legislation.
The right to restrict or object to processing
You have the right to block or restrict our processing of your data; on receipt of this objection, we will stop processing your data, but this will not affect any processing done so far.
The right to data portability
You have the right for your information to be provided in a machine-readable format to enable easy transfer between processors. This right is available to any personal data provided by you.
The right not to be subject to automated decision making
If we use automated decision making, we will let you know how, where, and why this will happen.
The right to withdraw consent
If you provide data to us, you may withdraw consent to processing of said data at any time.
The right to complain
If you wish to complain about our use of Personal Data, please send an email with the details of your complaint to us at [email protected]. You also have the right to lodge a formal complaint with a data protection authority.
For further information, refer to the UK data protection regulator (Information Commissioner’s Office/ICO) website: https://ico.org.uk/for-the-public/how-to-make-a-data-protection-complaint .
We recognise that transparency is an ongoing responsibility so we will keep it under regular review. All changes we make will be described on this page.
This Privacy Notice was last updated on 10th August 2024.
Black Sun Ltd, registered in England, Registered number: 01557279
Registered office: Fulham Palace, Bishops Avenue, London SW6 6EA