Privacy Notice

Contact details

If you have any questions about this notice or our data protection practices, please
contact us in the following ways:

Full name of legal entity: proSapient Limited
Email address: privacy@prosapient.com
Postal address: 5th Floor, 33 Holborn, London EC1N 2HT.

You have the right to make a complaint at any time to the Information Commissioner's
Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We would, however, appreciate the chance to deal with your concerns before you
approach the ICO so please contact us in the first instance.

2. What personal data do we collect?

Personal data means any information which relates to an identified or identifiable living
individual.
There are three main types of individuals with respect to whom we collect personal
data:
1. Industry Experts –you have agreed to our Expert Terms and Conditions, and we have
presented your background to at least one of our clients either for calls, surveys or
written work.
2. Clients – you have a contract in place with us to speak to Industry Experts through our
platform, use our platform to find experts, and/or conduct surveys for you.
3. Prospects – you have been contacted by a proSapient employee to participate in
expert calls, surveys or written work.
We collect, use, store and transfer different kinds of personal data about you:
Industry Experts
This means you have freely agreed to our Terms & Conditions.
We process the following personal information (“Expert Information”), as it is necessary
for our lawful purpose:

• Full Name

• Work History (companies, job titles, job descriptions, dates served)

• Contact details

• Employment and biographical information

• CV/Resume

• Banking information

• Technical Data (IP address, your login data, browser type and version)

• Profile photo

• Marketing and Communications Data

• Interaction data (call recordings, transcripts, written work, survey responses)

What we do with your personal information?

• For us to give you consultations relevant to your experience and to present your

  information to our clients effectively, it is necessary to store the Expert Information.

• Our system analyses your interactions with proSapient (consulting calls, written work,

  surveys, and other paid consulting work) for keywords. It will also crawl other public

  sources of information about you to further learn about your background.

• We use your Name and work history to present Clients or prospective Clients with

  your biography so they can understand why you have been recommended to take part

  in a consultation.

• Your contact details are used by our account managers and our system. This allows

  us to notify you when we receive a project relevant to your background.

Clients
This means you or your Company has signed a Client Agreement with us.
We process the following personal information (“Client Information”) as it is necessary
for our lawful purpose and/or to perform a contract with you: -

• Name

• Contact details

• Technical Data (IP address, your login data, browser type and version)

• Marketing and Communications data

• Interaction data (recordings, transcripts, written work.

What we do with your personal information

We use your personal information to be able to manage and operate your engagements within the proSapient platform.

Prospects
This means you have been contacted by a proSapient employee to offer consulting
services.
We may process the following personal information (“Prospect Information”), as it is
necessary for our lawful purpose:

• Full Name

• Work History (companies, job titles, job descriptions, dates served)

• Contact details

• Interaction Data (call recordings if calls are made)

What we do with your personal information?
We collect and process your information to assess whether you may be a good fit for
consulting opportunities relevant to your experience.
Your contact details are used by our account managers and our system to notify you
when we receive a project relevant to your background.
Where we contact you by phone, the call may be recorded for internal training, quality
assurance, and compliance purposes.

Special Categories of Personal Data
In limited circumstances, we may collect Special Categories of Personal Data about
you. This includes data revealing your race or ethnicity, religious or philosophical
beliefs, sexual orientation, political opinions, trade union membership, information
about your health, and genetic or biometric data.

Such data will only be collected where it is strictly necessary, for example, where
required for legal compliance, specific consulting engagements, or to ensure diversity
and inclusion in certain research projects, and only with your explicit consent where
applicable.

We handle all Special Categories of Personal Data with the utmost confidentiality and
apply enhanced security measures to protect this information. Any processing of this
data is done in accordance with data protection laws and only by authorised personnel
on a strict need-to-know basis.

 3. Why do we collect your data?

Experts
We collect your personal information to match you with relevant consulting
opportunities and surveys based on your professional experience and expertise.
Specifically, we collect and use your data to:

• Present your profile (name, work history, expertise. CV) to clients or prospective

  clients

• Invite you to participate in paid engagements such as consulting calls, surveys,

  and written projects

• Manage the logistics and payment of your work with us

• Record, transcribe, and store your contributions (calls, surveys, written work) as

  part of our client deliverables and internal quality checks

• Analyse your participation history to improve our matching algorithm and

  internal processes

• Contact you about new opportunities via email or phone

Prospects

We collect your personal information to:

• Assess whether your professional background aligns with expert consulting

  opportunities

• Contact you to introduce relevant project opportunities

• Maintain a record of your interaction with us (including recorded calls, where

  applicable)

• Ensure compliance with our quality assurance and regulatory obligations

• Improve how we identify and engage with suitable prospects

Clients
We collect your personal information to:

• Facilitate your use of the proSapient platform and enable you to engage with

  experts

• Manage your user account, project preferences, and consultation history

• Provide customer support and respond to your queries

• Deliver call recordings, transcripts, written outputs, and survey results

• Send platform notifications, updates, or service communications

• Improve the quality and relevance of our service

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we
have with you, and you fail to provide that data when requested, we may not be able to
perform the contract we have or are trying to enter into with you (for example, to pro vide
you with goods or services). In this case, we may have to cancel a product or service
you have with us but we will notify you if this is the case at the time.

4. How is your personal data collected?

We use different methods to collect data from and about you including through:

• Direct interactions. You may provide us with your Identity, Contact, Financial, and

  other relevant data by filling in forms, completing surveys, entering contracts, or by

  corresponding with us via post, phone, email, video calls, or otherwise.

  Automated technologies or interactions. As you interact with our website(s) and

  other online channels, we will automatically collect Technical Data about your

  equipment, browsing actions and patterns. We collect this personal data by using

  cookies, server logs and other similar technologies. Please see Cookies below for

  further details.

• Data providers that supply professional, demographic, or contact information

  about individuals who match certain criteria relevant to our services.

  Surveys. If you participate in a survey conducted by or on behalf of proSapient, we

  may collect responses, comments, and any other information you provide as part of

  that process. This can include demographic information or opinions relevant to the

  subject of the survey. In some cases, we may ask for your explicit consent before

  collecting certain types of information.

• Recorded communications. Phone or video calls with proSapient may be recorded

  for quality, training, verification, or compliance purposes. This includes calls with

  Prospects. You will be notified where recordings are being made.

5. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we rely
on the following legal grounds to process your personal data for the following purposes:

• Where it is necessary for our legitimate interests (or those of a third party) and your

  interests and fundamental rights do not override those interests. This includes:

  • to administer our sites, conduct identity verification and other fraud prevention or detection activities;

  • to research, filter and verify Prospective Experts and Industry Experts, and to screen for potential conflicts of interest to assess and recommend their appropriateness for a particular Client Project and to meet applicable legal, regulatory and compliance requirements;

  • to monitor, support, maintain, develop and improve the performance of our sites,

    products and services and customer relationships, analyse trends, usage and activities in connection with our products and services, and optimize our marketing efforts, promote and develop our business and measure the effectiveness of our advertising campaigns and to grow and inform our marketing strategy;

  • for our own internal functions such as keeping our sites secure, (including

    troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), management and corporate reporting, internal research and analytics and to improve business efficacies;

  • to enforce compliance with our terms and other policies or otherwise in connection

    with legal claims, compliance, regulatory, auditing, investigatory and disciplinary

    purposes as necessary (including disclosure of such information in connection with

    legal process or litigation);

  • to create aggregate and statistical data (which cannot be used to identify you). For example, aggregate data may include data that describes the general demographics, usage or other characteristics of a site's users. We reserve the right to transfer and/or sell aggregate or group data about our users for lawful purposes.

• Where we need to perform a contract, we are about to enter or have entered with you

  (for Industry Experts and Clients). This includes:

  • verifying your identity;

  • taking and making payments;

  • facilitating your participation in Projects and provision of our products and services and sending you service-related communications;

  • manages and operate your engagement within the proSapient platform;

  • provision of support including responding to your queries and investigating any

    complaints about the site and our products and services.

• Where we need to comply with a legal or regulatory obligation. This includes:

  • in response to requests by government or law enforcement authorities investigating.

• When you have expressly consented to us processing your personal data. This includes:

  • where you give us consent to place cookies or similar technologies;

  • on other occasions where we ask for your consent, for the purpose we explain at the time;

  • Where consent is relied on, you have the right to withdraw it at any time by contacting us at privacy@prosapient.com.

• Where you have manifestly made the personal data public.

• Where the processing is necessary for the reasons of substantial public interest as defined in the UK Data Protection Act 2018.

Relying on our legitimate interest means the interest of our business in conducting and
managing our business to enable us to give you the best service/product and the best
and most secure experience. We make sure we consider and balance any potential
impact on you (both positive and negative) and your rights before we process your
personal data for our legitimate interests. We do not use your personal data for
activities where our interests are overridden by the impact on you (unless we have your
consent or are otherwise required or permitted to by law). You can obtain further
information about how we assess our legitimate interests against any potential impact
on you in respect of specific activities by contacting us.

Change of purpose
If we need to use your personal data for an unrelated purpose, we will notify you and we
will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or
consent, in compliance with the above rules, where this is required or permitted by law.

Marketing
We strive to provide you with choices regarding certain personal data uses, particularly
around marketing and advertising.

Third-party marketing
We will get your express opt-in consent before we share your personal data with any
third party for marketing purposes.

Opting out
You can ask us or third parties to stop sending you marketing messages at any time by
following the instructions in the communication or contacting us at any time by
emailing us at privacy@prosapient.com.

Our Clients and Associates may elect to record and/or transcribe their consultations,
calls and other interactions with Industry Experts. Where this is the case the recordings
and transcriptions will be used by the Client for [legal and regulatory purposes, record
keeping, quality control, or staff training purposes] or for other purposes. proSapient
will also use these recordings and transcripts to develop and improve its Expert
Network, for internal research and analytics and to improve business efficacies.
Consent will be obtained to the extent this is required by applicable laws. As part of
their compliance protocols, some Clients may have a professional (in addition to the
Client user(s) chaperoning phone consultations and their presence may be announced
or unannounced (i.e., the Industry Expert will not be notified) and may be active
participants or silent on the phone consultations.

6. Disclosures of your personal data

We may share your personal data with the parties set out below for the purposes that
are described in this Privacy Notice or otherwise with your consent.
Independent Contractors: proSapient is a global business, headquartered in the UK.
The personal data collected by us in accordance with this Privacy Policy may be used
and shared amongst our and third-party contractors working in the Ukraine, North
Carolina, and Toronto (acting on behalf of proSapient) for the purposes outlined above.
Service Providers: When we employ a third-party to perform a function on our behalf,
we provide it with the personal data that it needs to perform its specific function. These
companies are authorized to use your personal data only as necessary to provide these
services to us. We use service providers for the purposes of delivering our products and
services, [managing payments, hosting, IT, security, support, billing, surveys,
facilitating and recording conference calls, providing transcripts, business
development, marketing, and communications]. We also share personal data with our
accountants, auditors, insurers, lawyers and other external professional advisors to
proSapient, subject to binding contractual obligations of confidentiality.

Clients: We share Identity Data, Contact Data, Due Diligence Data, Profile Data &
Transaction Data relating to Industry Experts with our Clients in connection with a
particular Project as further described in our Expert Terms and Client Master Services
Agreement (“MSA”). This includes any call recordings, transcripts or survey responses
you may have provided during your interaction with the client. We may also share this
information with your current and former employers and companies you have provided
services to or contracted with for the purposes of verifying Industry Expert information
and/or confirming any consents or approvals Industry Experts may need to participate
in our networks, platforms or Client Projects or other products and services.

Experts. (If Client has previously agreed to it in connection with a particular Project as
further described in our client MSA.

Legal Requirements: We disclose personal data to government authorities, regulators
or other third-parties if required to do so by law or in the good faith belief that such
action is necessary to (a) comply with a subpoena, court order or similar legal
obligation, (b) protect and defend our rights or property, (c) act in urgent circumstances
to protect the personal safety of users of any website or the public, (d) protect against
legal liability, (e) to investigate fraud or other unlawful activity or (f) or as otherwise
required or permitted by law.
Third-Party Partners: We may share your personal data with selected third-party
partners, including for their direct marketing purposes. We will obtain your prior
consent for such a transfer where required by applicable law.
We require all third parties to respect the security of your personal data and to treat it in
accordance with the law. We do not allow our third-party service providers, acting as
data processors to use your personal data for their own purposes and only permit them
to process your personal data for specified purposes and in accordance with our
instructions.

International transfers: Your personal data may also be held and accessed by our staff
in all our international offices and third parties working for us, or our inside and outside
the United Kingdom and the EEA including in the US, Canada, and Ukraine and for the
purposes outlined above. When we transfer your personal data outside of the UK or the
EEA to a country that is not subject to an adequacy decision by the EU Commission or
considered adequate as determined by applicable data protection laws, we will take
steps to ensure that appropriate safeguards are in place in accordance with data
protection laws. A copy of the relevant mechanisms can be requested by using the
contact details above.

7. Data security

We have implemented appropriate technical and organisational security measures to
prevent your personal data from being accidentally lost, used, accessed, altered, or
disclosed in an unauthorised way.
Access to your personal data is strictly limited to employees, agents, contractors, and
other third parties who have a business need to know. They will only process your
personal data on our instructions and are subject to a duty of confidentiality.

We are also ISO 27001:2022 certified, demonstrating our commitment to maintaining the highest standards of information security across our systems, processes, and
people.

We have established procedures to deal with any suspected personal data breach and
will notify you, and any relevant supervisory authority when we are legally required to do
so.

8. Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the
purposes we collected it for, including for the purposes of satisfying any legal,
regulatory, tax, accounting or reporting requirements. We may retain your personal da ta
for a longer period in the event of a complaint or if we reasonably believe there is a
prospect of litigation in respect to our relationship with you.

We follow an internal Data Retention & Deletion Policy that outlines specific retention
periods depending on the nature of the data, applicable legal requirements, and the
risks associated with retention. This policy is reviewed regularly to ensure compliance
and relevance.

When determining how long to retain your data, we consider:

• The amount, nature, and sensitivity of the personal data

• The risk of harm from unauthorised use or disclosure

• The purposes for processing your data and whether those purposes can be

  achieved through other means

• Relevant legal, regulatory, tax, accounting, or other requirements

In some circumstances you can ask us to delete your data: see Your Legal Rights below
for further information.

In some circumstances, we will anonymise your personal data (so that it can no longer
be associated with you) for research or statistical purposes, in which case we may use
this information indefinitely without further notice to you.

9. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to
your personal data. If you wish to exercise any of these rights, please contact us at
privacy@prosapient.com.

You will not have to pay a fee to access your personal data (or to exercise any of the
other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your
request in these circumstances.

We may need to request specific information from you to help us confirm your identity
and ensure your right to access your personal data (or to exercise any of your other
rights). For instance, the same principle applies to data deletion requests, for which we
decide on a case-by-case basis what is needed to verify one’s identity depending on the
type of information we have to delete – documents that are accepted as proof of ID can
be i.e., ID, passport, driving license, etc. This is a security measure to ensure that
personal data is not disclosed to any person who has no right to receive it. We may also
contact you to ask you for further information in relation to your request to speed up our
response.

We try to respond to all legitimate requests within one month. Occasionally it could
take us longer than a month if your request is particularly complex or you have made a
number of requests. In this case, we will notify you and keep you updated. In any ca se,
we will confirm receipt of any email correspondence we receive from you as soon as
possible.

You have the right to:
Request access to your personal data (commonly known as a "data subject access
request"). This enables you to receive a copy of the personal data we hold about you
and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to
have any incomplete or inaccurate data we hold about you corrected, though we may
need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove
personal data where there is no good reason for us to continue to process it. You also
have the right to ask us to delete or remove your personal data where you have
successfully exercised your right to object to processing (see below), where we may
have processed your information unlawfully or where we are required to erase your
personal data to comply with local law. Note, however, that we may not always be able
to comply with your request of erasure for specific legal reasons which will be notified
to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest
(or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are
processing your personal data for direct marketing purposes. In some cases, we may
demonstrate that we have compelling legitimate grounds to process your information
which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to
suspend the processing of your personal data in the following scenarios:

• If you want us to establish the data's accuracy.

• Where our use of the data is unlawful but you do not want us to erase it.

• Where you need us to hold the data even if we no longer require it as you need it to

  establish, exercise or defend legal claims.

• You have objected to our use of your data but we need to verify whether we have

  overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to
you, or a third party you have chosen, your personal data in a structured, commonly
used, machine-readable format. Note that this right only applies to automated
information which you initially provided consent for us to use or where we used the
information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your
personal data. However, this will not affect the lawfulness of any processing carried out
before you withdraw your consent. If you withdraw your consent, we may not be able to
provide certain products or services to you. We will advise you if this is the case at the
time you withdraw your consent.

10. Contact us

If you have any questions about this Notice or our data protection practices, including
any requests to exercise your legal rights, please contact us at
privacy@prosapient.com.