Privacy Policy

Lobium privacy notice

www.Lobium.ai is provided by Lobium Limited. 

This notice explains what personal information we collect, how it is used and shared. It applies to users of this website, our customers and clients.

This privacy notice was created on: 09-12-2021

Last updated: 08-05-2023

About us and how to get in touch

Lobium is the controller of the personal information we process unless otherwise stated.

We are a Limited Company registered in England and Wales at Companies House. Registration number: 13821282.

For data protection and privacy we are regulated by the UK’s Information Commissioner’s Office. Reference number: ZB288454.

You can contact us regarding your rights and this privacy notice by:

Email: timw@lobium.ai

How do we get your personal information?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • We met in person or online and exchanged contact details
  • You contacted us to make an enquiry
  • You signed up to an event or to receive event invitations from us
  • You signed up to receive news from us
  • You joined our WhatsApp group
  • You registered and created an account on our platform
  • We are providing a product or service for you or your company
  • You have applied to work with us
  • You are working with us as a collaborator, constellation member, contractor or employee
  • You, or your company, are a supplier to us

We may also receive information about you indirectly, in the following scenarios:

  • Someone recommended you to us, introduced us or included you in communications with us
  • A friend or colleague invited you to an event
  • You have an existing relationship with our team
  • A previous employer or contact may provide us with a reference
  • Through publicly available information such as Twitter, LinkedIn, or websites of the European Institutions

We collect some information about you automatically in the following ways:

  • We use services to keep our website secure, they may notify us of your IP address if they identify suspicious activity
  • We use cookies or similar technologies by third parties. Some cookies are required for the operation of our services – these are called ‘strictly necessary’. 

We may use this information to:

  • Provide (commercial) services
  • Do business with you, including invoice or make payments
  • Share documents with you securely
  • Provide you with information that you request from us
  • Send you news and updates
  • Invite you to events and manage event attendance
  • Inform you of any changes to our products, services or website
  • Maintain legally required records, such as for accounting and tax
  • Employ, contract or work with you
  • Manage you and your work if you are employed or contracted by us
  • Operate discussion groups

For what purposes do we use your information?

We use the personal information we collect to provide our services, to improve and optimise what we do, to protect you and Lobium.

We may use this information to:

  • Provide access to our platform’s services
  • We use the personal information we collect to provide our services, to improve and optimise what we do, to protect you and Lobium.

Cookies

We use operational cookies and similar tools (collectively, cookies) for the purposes described below.

  • Recognising you when you sign-in to use our services.
  • Displaying dossiers and Lobium services which might be of interest to you
  • Keeping track of items stored in your shopping basket.
  • Preventing fraudulent activity.
  • Improving security.
  • Keeping track of your preferences.

We also use cookies to understand how customers use our services so we can make improvements. For example, we use cookies to conduct research and diagnostics to improve Lobium’s content, products, and services, and to measure and understand the performance of our services.

What is the legal basis for using this information?

Contractual obligation

If you ask us to do something before entering into a contract, and for providing products and services under contract – such as purchasing our services on our platform or a contracted project.

Consent

For the user optimisation and personalisation of our website. (freely given, specific, informed, unambiguous and revocable).

For example, if you would like to receive newsletters from us and are not an existing or prospective partner, client or member; or where used, to manage cookies that are not strictly necessary.

Legitimate interests

For commercial and transparency purposes, we use data from europarl.europa.eu and from https://ec.europa.eu/info/law/better-regulation/have-your-say_en.

Some of the information from these websites is personal data. We rely on legitimate interest when processing personal data for commercial purposes. We do not override the fundamental rights and freedoms of those data subjects involved.

The first group of data subjects is Members of European Parliament, for which we process information about their name, political party affiliation and their membership of various EU Parliament configurations (Committee, Delegation, etc.). 

The second group of data subjects is individuals who submitted responses, on behalf of the organisation they work for, to EU Commission consultations. We may process their first name and last name, their employer’s name and the response they submitted on behalf of their employer.

The third group of data subjects is individuals who submitted responses, on behalf of themselves, to EU Commission consultations. We may process their first name and last name, and the response they submitted on their own behalf.

Although Transparency obligation (Art. 14(1-4) GDPR) to notify apply to these groups:

  • Notifying all MEPs involve a disproportionate effort
  • Notifying individuals who submit responses on their own behalf, is impossible as their contact information is not available.
  • Individuals have already consented for their data to be published online publicly on aforementioned websites 

We therefore satisfy the Transparency obligation through publishing this Privacy Policy on our website.

Furthermore, following  in Article 14(5)(b) GDPR, we take appropriate measures to protect the data subject’s rights and freedoms whilst processing. Beyond making this information publicly available through publication on our website, we:

  1. Minimise the data we collect and store
  2. Apply anonymisation and pseudonymisation measure to the data 
  3. Take technical and organisation measures to ensure high levels of security
  4. Regularly undertake a Data Protection Impact Assessment
  5. Regularly undertake a Legitimate Interest Assessment

How do I unsubscribe or withdraw consent?

If you receive an email newsletter or invite from us we provide a way to unsubscribe in every email.  

If you have consented to some of our cookies to be placed on your browser, you may opt-out at any time. 

If you are a member of one of our WhatsApp groups, using the WhatsApp settings for the group you can mute conversations so that you don’t get notified for every message, or you can remove yourself from the group.

What are my data protection rights?

For rights requests please contact timw@lobium.ai.

Can I get a copy of the information you’ve collected about me?

Yes. You have the right to ask us to confirm if we are processing your personal data, for copies of your personal information, and supplementary information.

Can I amend the information you’ve collected about me?

We try to keep our records up to date, but if we’ve got it wrong or your details have changed let us know. You also have the right to ask us to complete information you think is incomplete.

Can you delete my information?

Yes. However, please note that this right only applies in some circumstances. For example, there are some records which contain personal information that we are required to keep for other regulatory reasons, such as for finance and tax. Such records will not be deleted until seven years after the end of the contract with you.

Can you restrict the processing of my information?

This right applies only in some circumstances. When we receive a request for processing to be restricted we are permitted to store the personal data, but we cannot use it. For example, you might request your information to be restricted in order to establish, exercise or defend a legal claim or if you think we’ve unlawfully processed your data but you do not wish us to delete it.

Can I object to you processing my information?

This right applies to you if we have used your data under the lawful basis of “legitimate interests”. For example, if you are a customer and we have used your information to get in touch with you about new products, you can object to us doing so.

Can I ask you to move, copy or transfer my personal data from us to elsewhere?

This right is often referred to as “data portability”. This right applies only to personal information you have provided to us about you, for example orders you have made.

When moving, sending you a copy or transferring this data we will only do so in a secure manner using a structured, commonly used and machine readable format.

Do you use any automated decision making or profiling?

No. 

Find out more about your data rights.

Find out more about time limits for responding to data rights requests.

How long do you keep data for?

We do not store your data longer than necessary. We regularly review our records to remove or anonymise data if it should no longer be retained. The criteria we use for this is:

  • Do we still carry out the activities for the purposes the data was provided?
  • Is this information still up to date?
  • Are we required to keep this data for other regulatory purposes?
  • Are there contractual requirements?

Some records we are required to retain by law for certain lengths of time. These include for tax and employment purposes.

How is my information stored, transferred and kept secure?

To manage our business we use a number of third party services who process your data on our behalf. This is for tasks such as to operate our email, host this website, manage documents, process orders and communicate with clients.

These services cannot share your data with anyone. The website servers we use are located in the EU and USA. Where a company is not based in the UK or European Economic Area (EEA), or where data may be transferred outside the EEA, we have put in place agreements to ensure that your data is processed as per European law.

Third party processors include: Atlassian, Auth0, AWS, Gavagai.io, Google, Mailchimp, Pipedrive, Starling Bank, Xero.

Security

Wherever we can, we protect data in our systems with strong encryption, both when the data is at rest and when it is being transferred. We only allow access to our systems via strong authentication protocols, such as TLS and ssh, and administrative access is limited to key individuals. Where possible, we use two-factor authentication for all access.

We act on relevant security advisories to minimize the risk to our systems and the data they contain.

We choose system suppliers who implement appropriate technical and organisational measures that are at least as good as our own.                                                      

Legal requests

We may retain and disclose your personal information if legally required to do so. For example, if required by law or by a Court order or if we believe that action is necessary to prevent fraud or cyber-crime or to protect Lobium or the rights, property or personal safety of any person.

All such requests are assessed and we will challenge the basis of the request if it is not made by an officer with proper authority, the request lacks a proper statutory basis or appears too broad or vague as to its scope or purpose.

How to complain

If we have been unable to resolve a query relating to this privacy notice, or if you are unhappy with how we have used your data, you can also contact the UK’s Information Commissioner’s Office:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113