Privacy Policy

This Privacy Policy describes the ways in which information about you may be collected, used, disclosed, transferred and stored by Penta Group, LLC and its affiliates (such affiliates, the entities listed below in Section 2, collectively with Penta Group, LLC “Penta”).

The Privacy Policy applies to any interaction with Penta, including through any websites, platforms or applications (together hereinafter referred to as the "Site" or "Sites").

1. Contents

This Privacy Policy consists of the sections set out below. For ease of reference, please click on the relevant section to go directly to that section.

2. Who we are

Penta Group, LLC
805 15th Street, NW
Suite 200
Washington, D.C. 20005

Penta Group Europe Limited
Unit 5.10
The Printworks
164/180 Union St
London SE1 0LH

You may contact Penta at the following email address: info@pentagroup.co.

Our representative in the European Union is Taylor Vintners Europe Limited. You can contact them by mail/post at: Clifton House, Fitzwilliam Street Lower, Dublin, Dublin, D02 Xt91, Ireland, or by email at representative@taylorvinters.com

When we refer to the “Company”, “we", “us" or “our" in this Privacy Policy, we are referring to the relevant Penta entity that is processing your personal data.

We are a leading provider of stakeholder solutions.

3. Purpose of this Privacy Policy

We ask that you read this Privacy Policy carefully as it contains important information about:

what personal data we may collect from you;
how we will use, store and protect your personal data;
with whom we may share personal data; and
your rights under relevant data protection laws.

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.

This Privacy Policy sits alongside the Terms of Use for our websites, which we also encourage you to read.

4. Children

Our Sites are intended for use by adults, and we do not knowingly collect information from or about children. If you are a parent or guardian and your child who is under 13 (or other ages as appropriate by country) may have provided personal data to our Site, please contact us. The age of consent for processing personal data in the United Kingdom (the “UK”) is 13 and such age varies from country to country and state to state.

5.What personal data we may collect from you

We may collect and process the following personal data:

Identity data: your full name, title, username, job title, company name, and any other information you might include in a communication to us, including through our “Get in Touch” webform.
Contact data: billing address, delivery address (which could be your office address), personal email address, company email address, personal telephone number (mobile and landline) and company telephone number.
Transaction data: details about payments to and from you, placed order, order history and other details about the products and services you have purchased from us.
Technical data: device Internet Protocol (IP) address, geolocation, your behavior on the Site (e.g. number of visits, information about how you access our Sites, your domains of origin as well as what content you read and click), your login data, browser type and version, cookies, time zone setting and location (including geolocation), browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Site, vehicle registration details and images.
Profile data: your username and password, purchases or orders made by you, date, duration and time of your calls, a record of calls made to, or by, you, your interests and preferences and your feedback and survey responses.
Usage data: information about how you use of our Site, products and services.
Marketing and communications data: your preferences in receiving marketing from us and our business partners and your communication preferences.
Visitor data: information about your visits, including date and time, vehicle registration, account of any accidents and video footage from CCTV surveillance (if you visit one of our offices).

6. How we collect information from you

We collect your personal data in a number of ways, including as follows:

Automatically: as you browse our Sites, certain information relating to your browsing patterns and technical data about the equipment you are using to access the Site is automatically collected using cookies, server logs and other similar technologies.
Directly from you:contact details, financial, identity data, transaction data, profile data or any other information directly provided by you or your employer when you or your employer request our services, you use our services, you fill in online forms or communicate with us in any way, for example when you:
- call us in connection with our services;
- enter into a contract with us (or someone does so on your behalf);
- create or log into online accounts;
- visit our offices;
- submit a query;
- request or consent to marketing materials being sent to you;
- provide with feedback or contacting us for any reason; or
From Third Parties:
- your employer, if you are identified as a contact for our services;
- third party service providers and business partners engaged by us to provide services to you;
- publicly available sources such as third party and regulatory body websites and social media.

7. How we use your personal data

We have briefly set out below the purposes for which we may use your personal data. We have also identified one or more legal bases on which we rely on for processing your personal data.

To provide the requested services. We may use independent contractors or consultants to provide and deliver our services to you. These individuals (and any related entities) may have access to your personal data only as needed to perform their functions and are obligated to maintain the confidentiality of your personal data. Legal bases: performance of a contract with you, to comply with a legal obligation (including health and safety), our and third party legitimate interests (performance of a contract with a third party like your employer, to manage our business relationship with you and third parties, to keep our records updated and to study how customers use our services). We may also share such details if you provide written permission to us to transmit this information on your behalf.
Processing of invoices/payment and collection of payments due to us: Legal bases: performance of a contract with you, our legitimate interests (performance of a contract with a third party like your employer, to manage our business relationship with you and third parties, to recover amounts due to us, to keep our records updated).
To improve our services and for quality and training purposes: Legal bases: our legitimate interests (to improve our business and services and to study how customers use our services/ to develop them and grow our business).
For benchmarking and statistical purposes: Legal bases: our legitimate interests (to improve our business and services, to study how customers use our services/ to develop them and grow our business, to improve marketing of our business and services).
To personalize your experience on our Sites and optimize and develop user experience on our Sites: Legal bases: our legitimate interests (to improve our business and services, to study how customers use our services/ to develop them and grow our business, to improve marketing of our business and services).
To provide customer service, including responding to your enquiries and fulfilling any of your requests for information or provision of services: Legal bases: performance of a contract with you, our legitimate interests (performance of a contract with a third party like your employer, to manage our business relationship with you and third parties, to improve our business and services, to study how customers use our services/ to develop them and grow our business, to improve marketing of our business and services).
To send you important information regarding our services and/or other technical notices, updates, security alerts, and support and administrative messages: Legal bases: to comply with a legal obligation, our legitimate interests (to improve our business and services, to keep our Sites updated and relevant, to study how customers use our services/ to develop them and grow our business, to improve marketing of our business and services).
To enable monitoring of behavior and trends that can support us in improving our content and services: Legal bases: to comply with a legal obligation, our legitimate interests (to improve our business and services, to keep our Sites updated and relevant, to study how customers use our services/ to develop them and grow our business, to improve marketing of our business and services).
For monitoring and evaluation of the sales of our services as well as marketing actions: Legal bases: your consent, our legitimate interests (to improve our business and services, to study how customers use our services/ to develop them and grow our business, to improve marketing of our business and services).
To track and monitor usage and performance of our services so that we can improve our services and its delivery to you: Legal bases: our legitimate interests (to improve our business and services, to study how customers use our services/ to develop them and grow our business, to improve marketing of our business and services).
For marketing purposes, sometimes, at business events, we take situational photos which we can then present on our website or on social media: Legal bases: your consent, our legitimate interests (to improve our business and services, to study how customers use our services/ to develop them and grow our business, to improve marketing of our business and services).
To perform our contractual obligations to you or a third party (e.g. your employer): Legal bases: performance of a contract with you, our and third party legitimate interests (performance of a contract with a third party like your employer and to manage our business relationship with you and third parties).
To manage and protect our business and affairs: Legal bases: to comply with a legal obligation, our legitimate interests (to operate and manage our business, in the context of any purchase or sale of our business or company or any business or group restructuring or reorganization, improve our business and services, to study how customers use our services/ to develop them and grow our business).
To buy or sell any business, assets or shares or for our internal business and group restructurings: Legal bases: to comply with a legal obligation, our legitimate interests (to operate and manage our business, in the context of any purchase or sale of our business or company or any business or group restructuring or reorganization, improve our business and services, to study how customers use our services/ to develop them and grow our business).
For marketing purposes to personalize your experience and to allow us to deliver the type of content and service offerings in which you are most interested: Legal bases: your consent, our legitimate interests (to study how customers use our services/ to develop them and grow our business, to improve marketing of our business and services).
To administer and protect our Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data): Legal bases: to comply with a legal obligation, our legitimate interests (for provision of administration and online services and network security, to prevent fraud, to operate and manage our business, improve our business and services, to study how customers use our services/ to develop them and grow our business).
To deliver relevant Site content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you: Legal bases: our legitimate interests (for provision of administration and online services and network security, to prevent fraud, to perform our contract with a third party, to operate and manage our business, improve our business and services, to study how customers use our services/ to develop them and grow our business, to improve marketing of our business and services).
To use data analytics to improve our Sites, services, marketing, customer relationships and experiences: Legal bases: to comply with a legal obligation, our legitimate interests (for provision of administration and online services and network security, to prevent fraud, to operate and manage our business, improve our business and services, to study how customers use our services/ to develop them and grow our business).
To show you relevant advertisements while you are browsing the internet or using social media: Legal bases: your consent, our legitimate interests (to operate and manage our business, improve our business and services, to study how customers use our services/ to develop them and grow our business, to improve marketing of our business and services).
To process any job application and/or deal with any recruitment process and enter into any employment relationship: Legal bases: to take steps at your request prior to entering into a contract with you, to comply with a legal obligation and our legitimate interests (to assess and evaluate job applicants and record our recruitment activities).
As we believe to be necessary or appropriate:
- in order to comply with a legal obligation. This applies where the processing is necessary for us to comply with the law, regulations or any guidance or direction from any supervisory authority: Legal bases: to comply with a legal obligation;
- to enforce or apply this Privacy Policy: Legal bases: to comply with a legal obligation, our legitimate interests (for provision of administration and online services and network security, to prevent fraud, to operate and manage our business, improve our business and services, to study how customers use our services/ to develop them and grow our business); and
- to protect our legitimate rights, privacy, property or safety, and/or those of a third party as long as your rights do not override those interests: Legal bases: to comply with a legal obligation, our legitimate interests (for provision of administration and online services and network security, to prevent fraud, to operate and manage our business, improve our business and services, to study how customers use our services/ to develop them and grow our business).

8. Marketing

We may collect your identity and contact details (such as your name, email address, phone number or address) in order to send you information about our products and services which you might be interested in. We may collect this directly from you, or through a third party. If a third party collected your name and contact details, we will process your professional data based on legitimate interests to send you a fair processing notice and then respect any communication preferences you give us.

You always have the right to “opt out” of receiving our marketing. You can exercise the right at any time by contacting us at info@pentagroup.co. If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails. If you “opt-out” of our marketing materials, you will be added to our suppression list to ensure we do not accidentally send you further marketing. Where you unsubscribe from any postal marketing, you may initially still receive some content which has already been printed or sent, but we will remove you from any future campaigns. We may still need to contact you administrative or operational purposes, but we will make sure that those communications do not include direct marketing.

If you are an existing customer or are acting as a business we use your contact details as necessary for our legitimate interests in marketing to you and maintaining a list of potential customers.

We never share your name or contact details with third parties for marketing purposes. We do use third party service providers to send out our marketing, but we only allow them to use that information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We retain your details on our marketing list until you “opt-out”, at which point we add you to our suppression list. We keep that suppression list indefinitely to comply with our legal obligations to ensure we don’t accidentally send you any more marketing.

9. Retention of your data

When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed. Job applicant data is retained for up to one year. Other types of personal data are retained for up to seven years. After we have ceased to provide you with services, your data will be processed only for technical reasons (system integrity, back-ups) while it remains inactive in our systems.

Where we need to retain your personal data to comply with our legal or contractual obligations, we will retain such personal data for the duration necessary to comply with such legal or contractual obligations.

We store your personal data as long as you wish to receive marketing content from us (you have right to withdraw your consent or object processing at any time) or after seven years if you remain inactive in our marketing communications.

We retain information collected by a cookie until that cookie expires or is disabled by you.

10. Accuracy of your data

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

11. Security of your data

In order to protect your personal data, we put in place appropriate organizational and technical security measures. These measures include ensuring our internal IT systems are suitably secure and implementing procedures to deal with any suspected data breach.

In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required by law, will notify you and any applicable authority of such a breach.

Although we use appropriate security measures once we have received your personal data, you will appreciate that the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to or by us.

12. Transfer of your data to third parties, international transfers of personal data and sharing your personal data

Please read this section if you are accessing our services from the UK, the European Economic Area (the “EEA”) or Switzerland. Our business and that of the third parties we use to deliver our services to you is international in nature. The Penta entities operate from a number of locations around the world. Consequently, Penta entities may transfer data between them to ensure the most efficient data processing. However, Penta entities will comply by national and other regulation and ensure adequate and appropriate technical, organizational and legal safeguards for international data transfers. If we transfer data to countries or organisations outside of the UK, the EEA or Switzerland which the EU or the UK do not consider to have an adequate data protection regime in place, we will ensure that appropriate safeguards (for example, standard contractual clauses approved by the EU, UK or a data protection authority) are put in place where required. If you would like more information regarding the safeguards we put in place for international data transfers from the UK, EEA or Switzerland please contact us at info@pentagroup.co.

Our business and operations (including data servers) are primarily based in the United States of America (the “USA”). When you access our services and provide us with your personal details (by logging in on-line), you will in effect be providing us your personal data for processing in the USA.

Your personal data is shared with third party service providers who process the information on our behalf so that we can provide our services to you. Our third party providers may use their own subcontractors who may be given access to your personal data in order to provide our services to you. Our main third party providers are located outside of the UK, EEA and Switzerland and therefore your personal data will be transferred to countries outside of the UK, EEA and Switzerland.

We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business where necessary in connection with the purposes which your information was collected for. We may also need to share your personal data with a regulator or to otherwise comply with the law.

13. Third party links

Our Sites contain links to and from other applications, plug-ins and websites of other networks, advertisers and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and, unless we have expressly agreed otherwise with you, we do not accept any responsibility or liability for the content of these applications or websites or their policies or for any personal data that may be collected through these applications, websites or services. We encourage you to read these privacy policies before you submit any personal data to these applications or websites or use such services.

Please note you have the opportunity to participate in discussions on social media platforms administered by us. The goal of these social media platforms is to enable you to share content. We are not responsible if you share data and personal information on social media platforms and then this information is used or misappropriated by other users on the relevant platform. Any disclosures made on a social media platform will be governed by the privacy policy and terms of use of that platform.

14. Your rights – United Kingdom, European Economic Area (EEA) and Switzerland

If you are located in the UK, the EEA or Switzerland, you have certain rights in relation to the personal data we process and hold about you. These rights are:

Right of access: you have the right to request access to personal data that we may process about you.
Right to rectification: you have the right to require us to correct any inaccuracies in your personal data.
Right to erasure: you have the right to require us to delete your personal data, subject to certain legal requirements.
Right to restriction of processing: you have the right to require us to restrict the way in which we process your personal data. You may wish to restrict processing if, for example:
- you contest the accuracy of the data and wish to have it corrected; or
- you would prefer restriction to erasure.
Right to object to processing: you have the right to object to our processing of your personal data.
Right to data portability: you have the right to obtain from us the personal data we hold on you.
Right to withdraw consent: where we have relied upon your consent to process your personal data, you have the right at any time to withdraw your consent.
Right to lodge a complaint with a supervisory authority: you have the right to complain to a supervisory authority (the Information Commissioner’s Office is the relevant supervisory authority in the UK).

With the exception of lodging a compliant directly with a supervisory authority (such as the Information Commissioner’s Office), if you are located in the UK, EEA or Switzerland and would like to contact us to exercise any of the other rights set out above, please put your request in writing; include proof of your identity (such as a copy of your driver’s license or passport) and address (such as a recent utility or credit card bill) and specify the right you wish to exercise. We will not use this information for any purpose other than to authenticate your identity.

15. Cookies

We employ “cookies” to provide visitors with tailored information to facilitate your use of the website. A “cookie” is an element of data that a website sends to a visitor’s browser which, in turn, may store that element on the visitor’s hard drive or memory. Any cookies sent by us will be marked so that they will be accessible only by our websites. A visitor may block or delete our cookies from the hard drive. However, by disabling cookies, certain features and functionality of our websites may no longer work properly, or at all.

16.Amendments to this Privacy Policy

We may at any time change, modify, or otherwise update this Privacy Policy without prior notification, so check this page frequently for updates.

This privacy policy was last updated: September 28, 2022.

17. How to contact us

You should be aware that you have the right to raise any concerns with the Information Commissioner's Office in relation to how we process your personal data if you are in the UK or, with your local supervisory authority if you are anywhere else in the EEA or Switzerland.

Alternatively, you may also contact us if you have questions or concerns about this Privacy Policy, our Term of Use, the website or if you wish to update, correct or delete any information you have provided to us. Please contact us via info@pentagroup.co or through the details provided below.

805 15^th Street NW, Suite 200

Washington, DC 20005

+1 (202) 822-1205 (in the United States)

+44 (0) 203 735 9780 (outside the United States)