This privacy notice (Privacy Notice) sets out the ways in which we, The Imagination Group Limited and Imagination Europe Limited (we, us, our), collect and use your personal data (your personal information) in connection with our businesses. It also explains what rights you have to access or change your personal data. IF YOU ARE DEALING WITH OUR AUSTRALIAN SUBSIDIARY, IMAGINATION (AUSTRALIA) PTY LTD, PLEASE VIEW THE AUSTRALIAN PRIVACY NOTICE HERE.
We are the data controller in relation to the personal data processed in accordance with this Privacy Notice (except where this Privacy Notice explains otherwise). This Privacy Notice and our procedures have been developed in line with the requirements of the EU General Data Protection Regulation, the UK General Data Protection Regulation, the Data Protection Act 2018 and other applicable national law (Data Protection Law).
Where we refer to ‘websites’ in this Privacy Notice, we are referring to the main Imagination website available at www.imagination.com (the Imagination website) and the website dedicated to our experience platform “XPKit” available at www.xpkit.com (the XPKit website).
Please note that if you are applying for a job via the Careers section of the Imagination website or otherwise, your application and any personal data you provide will be processed in accordance with Imagination’s Candidate Privacy Notice.
Note, if you have come to this Privacy Notice because you would like to stop receiving marketing emails from us, you can unsubscribe at any time by following the “unsubscribe” link at the bottom of those emails.
We are companies registered in England under company number 01385613 (The Imagination Group Limited) and company number 01442096 (Imagination Europe Limited), with our registered address as set out below.
You can contact us as follows:
Address: 25 Store Street, South Crescent, London, WC1E 7BL UK
Information we may collect about you
Information that you provide to us
We will collect any information that you provide to us when you:
make an enquiry about our services via email, telephone, post or via our websites or social media channels;
subscribe to our mailing lists and newsletters via our websites;
as a client, ask us to provide services to you (or you work for someone who we provide services to); and
as a supplier, provide goods or services to us (or you work for someone who supplies goods or services to us).
The information you provide to us might include your name, address, country of residence, phone number and/or job title.
Information we collect about you
We will collect any information contained in any correspondence between us. For example, if you contact us by email or telephone, or send us an enquiry via our websites or social media channels, we will keep a record of that correspondence.
We use CCTV to maintain the security of our premises, prevent and investigate crime, and in the interests of health and safety. The images captured are securely stored and only accessed where necessary (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time (no more than 30 days) unless an issue is identified that requires investigation (such as a theft).
In the unlikely event that you have an accident on our premises we will also collect details of the accident in order to comply with relevant health and safety legislation.
When you sign up to our e-mail newsletters, we use technology to collect information about how you interact with our emails, including whether our emails are delivered to you and whether you open them, unsubscribe from them or click on any of the links which they contain.
We also use analytics tools on our websites to collect anonymised and aggregated information about website visitors. This includes information about how our visitors navigate the site (including mouse movements and key presses) details of our visitors’ browsers, operating systems, device screen resolutions and screen sizes, internet protocol (IP) addresses, geographic locations, time zone settings and other technology on the devices they use to access our websites. We use this information for analysis purposes and, unlike the other types of information we collect from our website visitors, it cannot be used to identify individuals.
Information we receive from third parties
We may be provided with your contact details if you or your services are referred or recommended to us by a third party;
We use lead generation agencies who use publicly available sources and dedicated databases to obtain contact details for business purposes; and
In certain circumstances we may use a third-party provider to conduct due diligence on our suppliers. This may lead to us being provided with personal data relating to criminal convictions and offences (such as fraud, bribery) and other information relevant to our decision as to whether to conduct business with you or your company. This information is obtained from publicly available sources.
How we use information about you and recipients of your information
We will use your information for the purposes listed below either on the basis of:
performance of your contract with us and the provision of our services to you;
your consent (where we request it); or
our legitimate interests (see paragraph 4.3 below).
We may use your information for the following purposes:
to provide you with access to our websites in a manner convenient and optimal including sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our websites are presented in an effective and optimal manner);
as a client, to provide you with our services as agreed pursuant to the performance of our contract with you;
to keep in contact with you about our news, events, or new services that we believe may interest you, provided that we have the requisite permission to do so, and sharing your information with our e-mail marketing services provider (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);
if you are a supplier, to receive services from you or your organisation, for example where a supplier is providing us with IT or other outsourced services we will handle personal data about the individuals who are involved in providing the service to us;
to carry out aggregated and anonymised research about general engagement with our websites (on the basis of our legitimate interest in providing the right kinds of information and content to our website users);
to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including without limitation fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so); and
to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:
Personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;
To provide you with direct marketing about our products and services unless you have asked to be taken off our mailing lists;
Protecting against fraud and other risks to our business, for example when we collect personal data in the course of carrying out due diligence on our suppliers; and
Ensuring network and information security and the security of our premises, for example, when we use CCTV at our premises.
Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights” in paragraph 9 below.
Who we might share your information with
In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we may share your personal data with third parties that we work with such as:
third parties who provide data processing and IT services to us including website hosting providers, data back-up, security and storage providers and cloud-based software providers;
other third party service providers who help us run and improve our business. For example providers of email services, marketing services, survey and market research providers, providers of fulfilment and postal services and travel service providers;
any selected third party that you consent to our sharing your information with for marketing purposes;
any member of our group, which means our subsidiaries as defined in section 1159 of the UK Companies Act 2006;
third parties with whom we may choose to sell, transfer or merge parts of our business or our assets; and
any other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) where necessary to enable us to enforce our legal rights, or protects the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.
How we look after your information and how long we keep it for
We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
ensuring the physical security of our offices and other sites;
ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;
limiting access to your personal data to those in our company who need to use it in the course of their work.
In addition to the above, we are certificated to the ISO 27001:2013 Information Security Management Standard. Read our key policies.
We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. Please contact us if you would like to be provided with the details of the retention periods for specific aspects of your personal data.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
International transfers of your information
We are a global business based in the UK and we use third party service providers located in other countries to help us run our business. As a result of this we may transfer personal data of individuals located in the UK outside of the UK, and personal data of individuals located in the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, which is also referred to as the “EEA”) outside of the EEA.
Countries outside of the UK and the EEA may not have data protection laws that provide the same level of protection as those within the UK or the EEA and so whenever we transfer your personal data outside the UK or the EEA, we take steps to ensure all personal data is protected with adequate safeguards, such as by entering into approved standard contractual clauses or transferring personal data to countries, territories, sectors or organisations that are covered by an EU Commission "adequacy decision" and/or a UK "adequacy regulation".
Please contact us if you would like further information on the specific mechanism we use when transferring your personal data out of the UK or the EEA.
Your rights to the information we hold about you
You have certain rights under Data Protection Law in respect of the information that we hold about you:
Access: You have the right to request confirmation that we are holding your personal data and to access a copy of the personal data that we hold about you. This is known as a “data subject access request” and enables you to check that we are handling your personal data lawfully;
Correction: You can ask us to change or complete any inaccurate or incomplete personal data we hold about you;
Erasure: You can ask us to delete or remove your personal data where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful reason for keeping it;
Objection: You can object to our processing of your personal data where we are relying on a legitimate interest if there is something about your particular situation which makes you believe it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes;
Withdraw consent: If you have given us your consent to use personal data you can withdraw your consent at any time;
Transfer: You can ask us to provide the personal data which you have provided to us back to you or to a third party in a structured, commonly used, electronic form, so it can be easily transferred; and
Restriction: You can ask us to suspend the processing of your personal data, for example if you want to establish its accuracy or where you have objected to our use of it.
In addition, in accordance with Data Protection Law, you have the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) or the relevant authority in your country of work or residence.
Please note that some of these rights only apply in certain circumstances and we may not be able to fulfil every request. If this is the case you will be notified of this at the time of your request. If you make a request we may require specific information from you to help us confirm your identity. This is to ensure that personal data is not disclosed to anyone who does not have the right to receive it.
You may exercise your rights in 9.1 above by contacting us directly using the details set out in 2 above.
Changes to this privacy notice
We may make changes to this Privacy Notice from time to time. We will post any changes to our site, or notify you of any material changes by e-mail.
This Privacy Notice was updated on 2 September 2021.