Privacy Policy

Welcome to the Privacy Policy of Adam Smith International Ltd. and its group.

 

Adam Smith International Ltd and its group (“ASI”) respects your privacy and is committed to ensuring appropriate protections are in place for your personal data. We seek to comply with all currently applicable legislations regarding the protection, security and confidentiality of personal data. This privacy policy will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

 

This Privacy Policy (“policy”) is provided in a layered format so you can navigate through to the specific areas set out below. Alternatively, you can download a pdf version of the policy here. Please also use the Glossary to understand the meaning of some of the bases on which we may process your personal data.

1 Important information and who we are

Purpose of this Privacy Policy

This policy aims to give you information on how ASI collects and processes your personal data through:

  • your use of this website,
  • a visitor to ASI offices and our websites,
  • a participant in any of our events and conferences,
  • a donor, client, partner, grantee or a receiver of funds for ASI projects, or
  • when you otherwise choose to interact with us.

This policy does not provide information about how we process personal data of our employees, our advisers and any applicants for these roles.  Please see our privacy notices.

This website is not intended for children (aged under 18 years) and we do not knowingly collect data relating to children.

Regardless of the capacity in which you are engaging with us, protecting your privacy is important to us and is a responsibility that we take very seriously. It is important that you read this privacy policy together with any other privacy policy or fair processing notice which we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This policy supplements other notices and privacy policies and is not intended to override them.

Controller

ASI is made up of different legal entities. When we mention “ASI”, “we”, “us” or “our” in this policy, we are referring to the relevant company in the ASI Group responsible for processing your data. Adam Smith International Ltd. is the controller and is  responsible for this website.

We have a dedicated compliance team who is responsible for  overseeing questions in relation to this policy. If you have any questions about this policy or our privacy practices, including any requests to exercise your legal rights, please contact using the details set out below.

Contact details

If you have any questions about this privacy policy or our privacy practices, please contact in the following ways:

Full name of legal entity: Adam Smith International Ltd.

Email address: compliance@adamsmithinternational.com

Postal address: See below

Please check back regularly as we may update contact details for companies in the ASI Group.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

2 The Data we collect about you

Personal data, or personal information, means any information about an individual through  which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes business and personal address, business and personal email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services that you may have supplied to us or we may have supplied to you.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices which you use to access this website.
  • Profile Data includes your username and password, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Video footage/images, when you visit our premises, attend any conferences or any meetings we may arrange or where you have agreed to participate in surveys or other work that we are doing such as telling stories about our beneficiaries. We may also collect information about you on CCTV as part of our security and crime prevention measures.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this  policy.

In the event we are required to process Special Category data, for example, to comply with our vetting and duty of care obligations or for any other necessary reason, we shall seek your explicit consent to do so.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have in place or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

3 How is your personal data collected?

We use different methods to collect data from and about you, including through:

  • Direct interactions.

You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data that you provide when you:

  • apply for our tenders;
  • collaborate with us to deliver projects;
  • create an account on our website;
  • subscribe to our service or publications;
  • request marketing communications to be sent to you;
  • enter a competition, promotion or survey; or
  • give us feedback or establish contact with us.
  • Automated technologies or interactions.

As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.

  • Third parties or publicly available sources.

We sometimes collect personal data about you from trusted third parties, in connection with Services that we provide to you or propose to provide to you, where appropriate and to the extent we have a justified basis to do so. These include fraud-prevention agencies, business directories, credit check reference/vetting agencies and connected network providers. Your personal data may also be provided to us on occasion by our existing donors, clients and partners. Anyone who provides you with access to your Services may also provide us with your personal data in that context.

We may combine the personal data that we receive from such other sources with personal data you give to us and with information we automatically collect about you.   For example, where we need to run a credit check, and then compile a profile of you based on the credit check data and the personal data  you have provided.

4 How we use your Personal Data

In UK, our principal justification (sometimes referred to as “legitimate” or “lawful basis” legal basis) for processing any particular category of personal data will vary, depending  upon the information itself, our relationship with the subject of the personal data, the service being provided, the specific legal and regulatory requirements of the country in which the services are being provided, the personal data processed and  several other factors. Subject to modifications in specific countries, the legal basis for our processing  activities  is as follows:

  • In order to communicate adequately with you as a user of our services and to respond to your requests, we need to process information about you and therefore have a legitimate interestin processing this information to ensure the efficient and effective operation of our business;
  • In order to collaborate with subcontractors, advisors, partners and consultants and to deliver, we need to process information about you as necessary to enter into or perform a contractwith you;
  • We process personal data for marketing and sales activities based on your consent, where it is required and so indicated on our sites or at the time your personal data is collected, or further to our legitimate interestto market and promote our services;
  • We rely on our legitimate intereststo process personal data and/or other information in order to analyse, develop, improve and optimise our sites, projects and services, and to maintain the security and integrity of our sites, network and systems.
  • We also have a legitimate interest in using your personal data in connection with legal claims, compliance, regulatory and investigative purposes as necessary; or because applicable laws and and regulations or the public interest require us to, such as to comply with legal processes, law enforcement or regulatory authorities or to assist in the prevention, detection or prosecution of crime or to process an opt-out request.

In all other countries (except in the UK or in jurisdictions where requirements similar to those in the UK ,   s exist), our justification for processing your personal data will be based on legitimate interest (where available), your consent and/or acceptance of the terms and conditions (of any contract you have signed with us) and this Policy.

We will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Cookies

Cookies are small text files that are stored on your computer as a result of visiting a website. This allows the site to know that you have visited before and, in some cases, can be used to record your preferences. Cookies can be used/stored for two reasons:

To help track usage patterns in order to improve and manage a website; or

To record preferences in order to personalise your visit to that website.

ASI uses cookies on its website. There are options within your browser to not accept or delete cookies should you wish to do so.You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

5 Disclosures of your Personal Data

We may also disclose your personal data to third parties:

  • Affiliates. We may disclose the personal data we collect from you to our subsidiaries. Where permitted by law and with your consent where required, our affiliates may use your information for the purposes indicated in this Policy, including to market their services to you. In processing your personal data, our affiliates follow practices at least as protective as those described in this Policy. A list of our subsidiaries and affiliates covered by this Policy and their locations is available on request by contacting compliance@adamsmithinternational.com.
  • Business, Sales and Marketing Partners. We may offer some of our Services together with or through third parties who may be donors, consultants, advisors, consortium partners, NGOs. If we do so, we will need to share your personal data with these third parties to assist in providing and marketing that service to you, reviewing compliance to terms of project delivery and applicable laws, adding your information to brochures or newsletters as well as to enable the third parties to market their own services to you (with your permission, if required).
  • Third-Party Service Providers. We employ other companies and individuals to perform functions that are necessary for the provision of the Services or for any of the purposes described above. Examples include: where permitted, jointly offering a service, delivery projects for the donors, sending communication, processing payments, assessing credit and compliance risks to give you access to our services, fraud and financial crime prevention detection and prosecution, analysing data, providing marketing and sales assistance (including advertising and event management), customer relationship management, training partners. We may disclose personal data to these third parties where necessary to provide our services or fulfil your requests, as well as entities that provide website hosting, customer service, and credit card processing, effecting payments, among others. These third-party service providers have access to personal data needed to perform the functions we have entrusted to them but may not use it for other purposes where they process your personal data on our behalf. Whenever we share personal data with third parties, we take steps to ensure that third party contracts contain appropriate protections for your personal data.
  • Business Transfers. If we are acquired by or merge with another company, or if substantially all of our assets are transferred to another company.
  • Legal Protection and in Response to Legal Process. We may disclose the personal data we hold about you in order to comply with applicable laws such as safeguarding or location based communications to fulfil our duty of care obligations, in response to or to pursue judicial proceedings, court orders and in other legal processes. We may also disclose, transfer or share it when we believe in good faith that disclosure is necessary: to protect or enforce our rights; protect your safety or the safety of others; investigate or prevent fraud; to respond to government requests – including from government and national or international law enforcement authorities outside of your country of residence – or for national security, public safety and/or law enforcement purposes. Personal data shall only be disclosed when we in good faith believe that we are obliged to do so in accordance with the law or that there are compelling reasons of public interest for us to do so. This will only be after a careful evaluation of all legal requirements and other relevant considerations, including any infringement on the fundamental rights to privacy or freedom of expression that might be impacted by the disclosure.
  • Sharing Aggregated and De-Identified Information. We may use your personal data to create aggregated and anonymised information which we may share with third parties. Nobody can identify you from that anonymised information. In other circumstances, we may also pseudonymise your personal data before sharing it with a third party so that we can re-associate you with the information once it has been processed and returned to us. Whilst the third party will not be able to identify you from the pseudonymised information, we will still be able to. We treat pseudonymised data as though it were personal data and ensure the same level of protection for it when sharing with third parties.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6 Marketing and Communications

Where permitted by applicable law and, if required, with your consent, we may send periodic promotional or informational emails to you. We may use the information submitted by you on social media platforms. If you take a social action (such as like, comment or share) on these platforms, your action is associated with your name and viewable by others, including ASI and we may use the information to make a contact with you. You may opt-out of such communications by following the opt-out instructions contained in the e-mail or other communication you have received or emailing us at internal.communications@adamsmithinternational.com. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you non-marketing communications about your account or any Services you have requested or received from us.

7 International Transfers

We share your personal data within the ASI Group. This will involve transferring your data outside the UK.

All ASI entities based outside the UK have signed an intra-group agreement applicable to transfer of personal data within and outside of the UK or to jurisdictions which do not provide adequate levels of protection for the personal data under applicable law. This agreement is based on the EU Commission standard contractual clauses. In this way, we ensure that adequate protections are in place for the security of your personal data when we transfer it to one of our affiliates, wherever they may be located in the world. You can obtain a copy of these clauses by contacting us.

We may need to share your data with third parties such as actual and potential donors, clients, partners and others as part of our normal business operations when, for example, we are bidding for new work. Many of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK. We may also share your data with third-party service providers and entities within the ASI Group.

We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your personal information outside the UK. If we do, you can expect a similar degree of protection in respect of your personal information.

8 Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9 Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

10 Your legal rights

Under the law of many countries and certain circumstances, you have certain rights in relation to your personal data and we respect and observe these rights. Such rights may include the rights to: ask us to confirm that we are processing your personal data, ask us for a copy of your personal data (including information regarding who we share your personal data with); to correct, delete or restrict (stop any activity) processing of your personal data; to limit the use and disclosure of your personal data; and to ask us to share your personal data with another person or organisation.

In addition, in certain countries, you can object to the processing of your personal data in certain circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). Where applicable, you can also withdraw the consent you have given us to process your personal data and request information on the consequences of not providing such consent.

These rights may be limited, for example: if fulfilling your request would reveal personal data about another person; where it would infringe the rights of a third party (including our rights); or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.

To exercise any of these rights, to raise any concerns about our privacy practices, or to obtain other privacy related information, you can get in touch with us, see our contact details below.

For any questions about this Policy or our data protection practices please contact compliance@adamsmithinternational.com.

Our postal address for any questions about this policy is:

Adam Smith International Ltd
16 – 18 New Bridge Street

London

EC4V 6AG

United Kingdom

Email address: compliance@adamsmithinternational.com

To exercise any rights you may have in relation to your personal data under applicable laws, we encourage you to use the following form named ‘Data Subject Request Form’ and email it to dpo@adamsmithinternational.com.

If you have unresolved concerns, you may have the right to complain to your relevant national data protection authority. For example, in the UK, it is the Information Commissioner’s Office (ICO) – https://ico.org.uk/make-a-complaint/. However, Please do contact us before making such a complaint however as we would appreciate the opportunity to investigate and address your concerns first.

If you choose to make a request to us to exercise any of these rights, we will aim to respond to you as soon as we reasonably can but no later than one month. We will not charge a fee for dealing with any reasonable request.

11 Glossary: Lawful bases for processing

Legitimate interest means the interest of our business in conducting and managing our business to enable us to provide our beneficiaries and clients with our services. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your data for our legitimate interests. We do not use your data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your data where it is necessary for compliance with a legal obligation that we are subject to.

Public interest means in very limited situations where we use data in the public interest.  It is likely to be in the public interest to collect data to prevent crime and dishonesty and to ensure that we are not breaching any laws or rules relating to sanctions, so as to  ensure that we are fair in our practices in relation to equality and diversity,  monitoring or safeguarding  the people with whom we work, including beneficiaries.

We keep our privacy policy under regular review. This version was last updated in November 2023.