Factor Law Inc. and its international subsidiaries respect your privacy and are committed to protecting your personal data. As a global organization, it is our duty to comply with the various applicable laws around the world that govern the collection and processing of personal data.
Those laws include, as applicable: US federal and state laws relating to data privacy and the protection of personal data, including the California Consumer Privacy Act of 2018 ("CCPA") as amended by the California Privacy Rights Act of 2020 ("CPRA"); the EU General Data Protection Regulation (EU) 2016/679 ("GDPR"); the GDPR as it applies in the UK; the UK Data Protection Act 2018; and the Swiss Federal Act on Data Protection; in each case, as updated, amended or replaced from time to time.
Protecting the personal rights and privacy of each individual is at the core of the foundation of trust in our business relationships and of Factor's reputation as an attractive and responsible employer. We recognize the need for appropriate safeguards and management practices in relation to the collection and use of your personal data.
We want to ensure that you understand what information we collect about you and how we use it. This privacy policy sets out the principles Factor follows when we collect and process your personal data through your use of our website or when you otherwise engage with Factor, and it applies to our candidates, clients, suppliers, website-users, and anyone else who subscribes to our newsletters or participates in our programs or similar activity.
This website is not intended for children and we do not knowingly collect data relating to children.
We may amend this privacy policy from time to time, and we will endeavor to inform our contacts of major changes to it. You may always review our current policy at this page. If we need your consent to process your personal data in a different way, we will seek your consent in advance.
Please use the glossary at the end of this policy to help you understand the meanings of some of the terms used. If you have any questions regarding the policy, contact us at privacy@factor.law.
TABLE OF CONTENTS
1. WHO WE ARE
Factor Law Inc. is a leading alternative legal services provider headquartered at 33 West Monroe Street, Suite 400, Chicago, IL 60603, USA. Factor Law Inc. is the ultimate parent entity for a number of EU/EEA and UK registered Factor entities.
This privacy policy is issued on behalf of Factor as a whole. When we mention "Factor", "we", "us" or "our", we are referring to the relevant Factor entity responsible for collecting or processing your personal data.[HS1]
Depending on the circumstances, Factor may be a controller or a processor of your personal data. Unless otherwise stated, the Factor entity you are engaging with will be the controller or processor of your personal data.
Data Privacy Office:
Our Data Privacy Office, which is part of our Legal & Compliance team, is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise any of your legal rights, please contact the Data Privacy Office using the details set out below.
Contact Details:
Full name of legal entity: Factor Law Inc.
Address: 33 West Monroe Street, Suite 400, Chicago, IL 60603, USA
Contact: Data Privacy Office
Email address: privacy@factor.law
2. WHAT PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
Personal data includes any information about an individual from which that individual can be identified. It might include your name, mailing address, email address, telephone number, company, title, site username or site password. It does not include data from which you are not identifiable (anonymous data).
We collect, store and process your personal data by different methods depending on whether you are a candidate, client, supplier, or website user.
We collect, process, or disclose personal data for our legitimate business purposes including: to provide our services to clients, candidates, or web users or to fulfill our contractual obligations; to maintain our business relationships; to match candidate details with client requirements for roles and to send candidates' personal data which may include special category data to clients to fill those roles; to notify candidates of roles which we feel would be of interest to them; to provide candidates with HR related support and services; to market events, promotions, competitions, webinars, reports, our services, news, or relevant industry updates, and depending on which jurisdiction the individual is in, we may be required to give them an option to "opt-in" and we will always provide them with an option to "opt-out" with each marketing communication; as required by law or regulation; for our business purposes, such as data analysis, audits, fraud monitoring and prevention; to develop new products, services, and offerings, or to enhance, improve, or modify our products and services; and to record usage of our website in accordance with our cookie policy. We also share personal data with the following third parties: service providers, professional advisers, regulators and other authorities, clients, and suppliers, in each case acting as processors or controllers. We will also disclose personal data to any third party to whom we may choose to sell, transfer, or merge all or part(s) of our business or assets.
WHERE YOU ARE A CANDIDATE:
You may be a past candidate or a candidate in process or you may have participated in our recruitment or other similar events.
How we collect your personal data:
You may provide personal data to us by email, post, telephone, face to face or online during meetings or at events, or through our website; or
We may collect your personal data indirectly or from third parties: through recruitment agencies, social media searches (such as LinkedIn), research companies, client or supplier conversations, or referrals from other third parties.
What personal data we collect:
The personal data we collect about candidates includes: first name, maiden name, last name, address, telephone number, email address, username or similar identifier, marital status, title, date of birth and gender, right to work, social security/national insurance number, nationality, employment and education history, skills proficiency, references, qualifications information contained in your resume/CV, and records of our conversations or meetings.
We do not mandate the collection of any special categories of personal data about you through this website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
We will ask for your explicit consent before we collect special category data, except:
where required by law;
for employment purposes; or
where required to carry out criminal or other background checks.
WHERE YOU ARE A CLIENT:
When you are inquiring about or using our services we collect and use information to understand your requirements, agree role specifications, propose candidates, discuss our contract, provide services, or share Factor content which is likely to be relevant and useful to you.
How we collect your personal data:
You may provide personal data to us by email, post, telephone, face to face or online during meetings or at events, or through our website; or
We may collect it from your colleagues, social media, our network of contacts, others who may know you, event delegate lists, or third-party market research.
What personal data we collect:
The personal data we collect includes the personal data of individual contacts we deal with at your organization such as: name, job title, management level, business relationships, memberships, work history, work address, telephone numbers, email address, and records of our conversations or meetings.
WHERE YOU ARE A SUPPLIER:
When supplying services to us or contracting with us we need certain information so that we can receive and pay for the services you provide.
How we collect your personal data:
You may provide personal data to us by email, post, telephone, face to face or online during meetings or at events, or through our website; or
We may collect it from your colleagues, social media, our network of contacts, others who may know you, event delegate lists, or third-party market research.
What personal data we collect:
The personal data we collect includes the personal data of individual contacts we deal with at your organization such as: name, job title, management level, business relationships, memberships, work history, work address, telephone numbers, email address, and records of our conversations or meetings.
WHERE YOU ARE A WEBSITE USER:
When you are using our website, which may include when you download content or contact us via our website, we need certain information to help us to improve your experience when using our website, and to help us manage the content and services we provide.
How we collect your personal data:
You may provide personal data by completing online registration forms, by applying for roles via our website, or when you create or update any of your marketing preferences; or
We may collect it automatically via cookies, in line with cookie consents, server logs and other similar technologies, preferences and settings in your browser.
For more information on how we use cookies please see our cookie policy which is set out at the end of section 7 of this privacy policy.
What personal data we collect:
The personal data we collect includes the personal data you provide which may include your name and contact details, email address and telephone number, and any resume/CV you submitted online. In addition, we collect a limited amount of data which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information on how you use our website and the location you view our website from (IP address).
3. HOW WE USE YOUR PERSONAL DATA
We collect, process or disclose your personal data for our legitimate interests including:
To provide our services to clients, candidates, or web users, or to fulfill our contractual obligations;
To maintain our business relationships;
To match candidate details with client requirements for roles and to send candidates' personal data which may include special category data to clients to fill those roles;
To notify candidates of roles which we feel would be of interest to them;
To provide candidates with HR related support and services;
To market events, promotions, competitions, webinars, reports, our services, news, or relevant industry updates. Depending on which jurisdiction you are in, we may be required to give you an option to "opt-in" and we will always provide you with an option to "opt-out" with each marketing communication;
As required by applicable laws;
For our business purposes, such as data analysis, audits, fraud monitoring and prevention;
To develop new products, services, and offerings, or to enhance, improve, or modify our products and services; and
To record your usage of our website in accordance with our cookie policy which is set out at the end of section 7 of this privacy policy.
4. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
We rely on the following main grounds to process personal data of candidates, clients, suppliers, web users, or other third parties:
Necessary for entering into, or performing, a contract -- to perform obligations that we undertake in providing a service to you, or to take steps at your request to enter into a contract with us;
Necessary for compliance with a legal obligation -- we are subject to certain legal requirements which may require us to process your personal data. We may also be obliged by law to disclose your personal data to a regulatory body or law enforcement agency;
Necessary for the purposes of legitimate interests -- we, or a third party, will process your personal data for the purposes of our (or a third party's) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimizing our website and customer experience, informing you about our products and services, and ensuring that our operations are conducted in an appropriate and efficient manner;
Consent -- in some circumstances, we may ask for your consent to process your personal data;
Necessary to protect the vital interests of the data subject or of another natural person.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at privacy@factor.law.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so or seek your consent, providing you with a clear, conspicuous, and readily available mechanism for you to exercise choice.
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
5. HOW WE SHARE YOUR PERSONAL DATA
In certain circumstances we will share your personal data with other parties. When we do, we take responsibility and bear liability for such sharing in accordance with this privacy policy and applicable law.
Under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, Factor remains responsible and liable if third-party agents that we engage to process personal data on our behalf do so in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.[HS2]
We share your personal data with other entities within Factor acting as controllers or processors. We do this to provide sales and marketing, IT, HR, system administration services, product development, and undertake internal reporting. We will also share your personal data across Factor entities to provide candidates to our clients to fulfill client engagements, for business development, to improve our client service, and to make our services more valuable to you.
We also share your personal data with the following third parties:
Service providers acting as processors;
Professional advisers acting as processors or controllers;
Regulators and other authorities acting as processors or controllers who require reporting of processing activities in certain circumstances;
Clients who have roles in which you are interested. In such circumstances we may disclose special category data;
Trusted third parties who provide employment related services, including reference, qualification, and criminal record checking (where required), evaluation or skills tests. In such circumstances we may disclose special category data; and
We will also disclose your personal data to any third party to whom we may choose to sell, transfer, or merge all or part(s) of our business or assets. If this happens, then the new owner(s) may use your personal data in the same way as set out in this privacy policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with applicable laws. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We also collect, use, and share aggregated data such as statistical or demographic data for purposes which include monitoring how we are doing against our diversity and equality targets. Aggregated data is not personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your personal data where we are required by law to report on mixes of religious beliefs or political opinions or affiliations.
6. INTERNATIONAL TRANSFERS OF PERSONAL DATA[HS3]
EU-U.S. Data Privacy Framework Compliance
Factor complies with the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework as set forth by the US Department of Commerce. Factor has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles with regard to the processing of personal data received from the EEA in reliance on the EU-US Data Privacy Framework and from the UK in reliance on the UK Extension to the EU-US Data Privacy Framework. Factor has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US Data Privacy Framework. If there is any conflict between the terms in this privacy policy and the EU-US Data Privacy Framework Principles and/or the Swiss-US Data Privacy Framework Principles, the Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
International Data Transfers - General
We share your personal data within Factor. We transfer personal data we collect about you to countries outside of the country in which the personal data was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the personal data. When we transfer personal data to other countries, we will protect that personal data as described in this privacy policy.
Transfers out of the EEA:
If you are located in the EEA this may involve transferring your personal data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented.
We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy decisions.
We may use standard contractual clauses approved by the European Commission which give personal data the same protection it has in the EEA. For further details, see European Commission: Standard Contractual Clauses (SCC).
Transfers out of the UK:
If you are located in the UK this may involve transferring your personal data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented.
We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. For further details, see Information Commissioner's Office: International data transfers.
We may use standard contractual clauses approved for use in the UK which give personal data the same protection it has in the UK. For further details, see Information Commissioner's Office: International data transfers.
Transfers out of Switzerland:
If you are located in Switzerland this may involve transferring your personal data outside Switzerland. Whenever we transfer your personal data out of Switzerland, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented.
We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. For further details, see Federal Data Protection and Information Commissioner: Cross-border transfer of personal data.
We may use standard contractual clauses approved for use in Switzerland which give personal data the same protection it has in Switzerland. For further details, see Federal Data Protection and Information Commissioner: Cross-border transfer of personal data.
EU-US Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework and Swiss-US Data Privacy Framework:
Where we transfer personal data from the EEA, the UK, or Switzerland to Factor in the US, or to third party providers in the US, we may transfer personal data to them if they are part of the EU-US Data Privacy Framework, and (where applicable) the UK Extension to the EU-US Data Privacy Framework and (where applicable) the Swiss-US Data Privacy Framework, which require them to provide an adequate level of protection for personal data. To learn more about the Data Privacy Framework program, and to view our certification page, please visit www.dataprivacyframework.gov/.
Factor certifies that it complies with the EU-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework as set forth by the US Department of Commerce regarding the collection, use, retention, and transfer of personal data from the EEA, the UK, and Switzerland to the US, respectively.
Factor further certifies that it adheres to the Data Privacy Framework Principles of 1) Notice, 2) Choice, 3) Accountability for Onward Transfer, 4) Security, 5) Data Integrity and Purpose Limitation, 6) Access, and 7) Recourse, Enforcement and Liability. Factor may be liable in cases of onward personal data transfer to third parties.
If there is any conflict between this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles will govern. To learn more about the Data Privacy Framework program, and to view our certification page, please visit the following URL: https://www.dataprivacyframework.gov/.
Factor is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with regard to compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF.[HS4]
Please contact us at privacy@factor.law if you want further information on the specific mechanism we use when transferring your personal data out of the EEA, the UK, or Switzerland.
7. DATA SECURITY
Factor uses industry-standard physical, technical, and administrative controls to protect your personal data by:
Not collecting or retaining excessive amounts of personal data;
Protecting personal data from loss, misuse, unauthorized access and disclosure. Any employees, agents, contractors or third parties who are so authorized act on our instructions and are subject to a duty of confidentiality;
Keeping personal data up to date;
Storing and destroying it securely;
Ensuring that appropriate administrative, technical, and physical safeguards are in place to protect personal data. These measures include measures to deal with any suspected data breach; and
Regularly reviewing our information collection, storage, and processing practices, including physical security measures.
While we operate to the highest standards we are also aware that the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Where we have given you (or where you have chosen) a password which enables you to access any of our online or electronic resources, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.
You should note that this website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their content or privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Cookies:
Factor uses "cookies" on its sites. A cookie is a piece of data stored on a site visitor's system that helps us improve your access to our site and identify repeat visitors to our site.
Cookies can also enable us to track and target the interests of our users to enhance their experience on our site. Except where 1) contacts elect to identify themselves for purposes of receiving information from Factor or inquiring as to a business relationship with Factor or 2) candidates elect to establish and use an account to apply to Factor and employment opportunities with Factor, cookies are not linked to any personally identifiable information.
You can disable or remove any cookies already stored on your computer, but these may stop our websites from functioning properly.
8. DATA RETENTION
Where we collect your personal data, the length of time for which we retain it depends on the type of data, the purpose for which we use that data, and our accounting, regulatory, and legal data retention obligations. We do not retain personal data in an identifiable format for longer than:
The period necessary for the relevant activity or services;
Any retention period that is required by law or contract; or
The period in which litigation or investigations might arise in respect of the relevant activity or services;
After which, it is likely your personal data will no longer be relevant for the purposes for which it was collected and we will delete or destroy it.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. YOUR LEGAL RIGHTS
Under certain circumstances, you have the right to:
Request access to your personal data (commonly known as a "subject access request" or "SAR"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected;
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
Object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes;
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it; and/or
Request the transfer of your personal data to another party.
If you want to review, verify, correct, or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us by email at privacy@factor.law.
No fee usually required:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you:
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Right to withdraw consent:
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please send us email at privacy@factor.law. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate legal basis for doing so.
Our response timescales:
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is incomplete and we need to write to you for more information or is particularly complex or you have made several requests. In these cases, we will notify you and keep you updated.
The right to complain to a supervisory authority:
In the EU, we have nominated the Polish Supervisory Authority as the Lead Supervisory Authority for our EU based operations. You may have the right to complain to the Polish Supervisory Authority (Urząd Ochrony Danych Osobowych (Personal Data Protection Office)) about how and/or why we are processing your personal data.
In the UK, the Supervisory Authority is the Information Commissioner's Office (ICO). You may have the right to complain to the ICO about how and/or why we are processing your personal data.
You may also have a right to make a complaint regarding how and/or why we process your personal data with respect to the EU-US Data Privacy Framework Principles.
Please see "how to make a complaint" below.
10. HOW TO MAKE A COMPLAINT
Data privacy laws are constantly evolving, and we endeavor to maintain best practice. However, we recognize that we may not always get it right and if you are not satisfied in the way we handle your personal data or you wish to discuss our processes then we would like to hear from you.
Factor Complaint process:
If there is something which we have not done correctly with your personal data then we would appreciate the chance to deal with your concerns before you approach a Supervisory Authority so please contact us in the first instance by email at privacy@factor.law.
EU Supervisory Authority:
In the EU, we have nominated the Polish Supervisory Authority as the Lead Supervisory Authority for our EU based operations. You may have the right to complain to the Polish Supervisory Authority (Urząd Ochrony Danych Osobowych (Personal Data Protection Office)) about how and/or why we are processing your personal data.
UK Supervisory Authority:
In the UK, the Supervisory Authority is the Information Commissioner's Office (ICO). You may have the right to complain to the ICO about how and/or why we are processing your personal data.
EU-US Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework and Swiss-US Data Privacy Framework:
In compliance with the Data Privacy Framework Principles, Factor commits to resolve complaints about our collection or use of your personal data. EEA, UK, or Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Factor by email at privacy@factor.law.
In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, Factor commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner's Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.[HS5]
This recourse mechanism is provided free of charge to affected individuals.[HS6]
If your complaint is not resolved after following the recourse mechanisms described above, you may have the ability, under certain conditions, to invoke binding arbitration for residual claims not resolved by other mechanisms. More information about the DPF arbitration mechanism can be found at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.
11. GLOSSARY
Consent: agreement which must be freely given, specific, informed, and be an unambiguous indication of the data subject's wishes by which they, by a statement or by a clear positive action, signifies agreement to the processing of personal data relating to them.
Controller: a person or organization which determines when, why, and how to process personal data. It is responsible for establishing practices and policies in line with applicable data protection laws. We are the data controller of all personal data relating to our company personnel and personal data used in our business for our own commercial purposes.
Data subject: a living, identified or identifiable individual about whom we hold personal data. Data subjects may be nationals or residents of any country and may have legal rights regarding their personal data.
EEA: the European Economic Area, comprising the countries in the EU plus Iceland, Liechtenstein, and Norway.
EU: the European Union.
Explicit consent: consent which requires a very clear and specific statement (that is, not just action).
Legitimate interest: the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Personal data: any information identifying a data subject or information relating to a data subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal data includes special category data and pseudonymized personal data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location, or date of birth) or an opinion about that person's actions or behavior.
Privacy notices or privacy policies: separate notices setting out information that may be provided to data subjects when Factor collects information about them. These notices may take the form of general privacy statements applicable to a specific group of individuals (for example, employee privacy notices, or the website privacy policy) or they may be stand-alone, one-time privacy statements covering processing related to a specific purpose.
Processing or process (and processor): any activity that involves the use of personal data. It includes obtaining, recording or holding the personal data, or carrying out any operation or set of operations on the personal data including organizing, amending, retrieving, using, disclosing, erasing, or destroying it. Processing also includes transmitting or transferring personal data to third parties. A person or organization which processes personal data is referred to as a processor.
Special category data: personal data revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and personal data relating to criminal offenses and convictions.
UK: the United Kingdom of Great Britain and Northern Ireland.
US or USA: the United States of America.
Last Updated: October 2025
For questions or concerns about this Privacy Policy, please contact: privacy@factor.law