This California Privacy Schedule supplements our General Privacy Notice and applies to California residents where the California Consumer Privacy Act, as amended by the California Privacy Rights Act – together, the CCPA – applies to our processing of personal information.
This Privacy Schedule is intended to provide additional California-specific disclosures, including a notice at collection, and should be read together with our General Privacy Notice.
For the purposes of this Privacy Schedule, “personal information”, “sensitive personal information”, “sell”, “share”, “service provider” and “contractor” have the meanings given under the CCPA.
Otherwise, unless defined herein, capitalised terms in this Privacy Schedule shall be as defined in our General Privacy Notice. In particular, “Agency” and “Agency Group” refer to the specific agency, legal entity or group of entities responsible for the relevant processing, as described in the General Privacy Notice.
This Privacy Schedule applies to California residents whose personal information we process, including:
– visitors to our website;
– clients, prospective clients, suppliers, prospective suppliers, business partners and their representatives;
– event attendees and prospective event attendees;
– business contacts and prospective business contacts; and
– individuals who communicate with us or interact with us in a business context.
This Privacy Schedule does not apply to personnel, employee or candidate data unless expressly stated or required by applicable law.
We may collect the following categories of personal information:
CCPA category 1: Identifiers
– Examples: Name, business email address, telephone number, employer, job title, business address, IP address, online identifiers
– Collected? : Yes
CCPA category 2: Personal information
– Examples: Business contact details, financial or transaction information, payment/invoicing details
– Collected? : Yes
CCPA category 3: Commercial information
– Examples: Records of services provided or received, event attendance, business relationship information, purchase or transaction records
– Collected? : Yes
CCPA category 4: Internet or electronic network activity information
– Examples: Website usage, cookie data, browsing interactions, device/browser information, analytics data
– Collected? : Yes
CCPA category 5: Geolocation data
– Examples: Approximate location inferred from IP address
– Collected? : Limited
CCPA category 6: Professional or employment-related information
– Examples: Employer, job title, professional role, business contact details, work history where provided in a business context
– Collected? : Yes
CCPA category 7: Inferences
– Examples: Business interests, preferences, event interests, marketing preferences and relationship management notes
– Collected? : Yes
CCPA category 8: Sensitive personal information
– Examples: Account log-in details, government ID, financial account information or precise geolocation only where relevant and necessary
– Collected? : Not usually / limited where required
We do not knowingly, deliberately collect personal information from children under 16.
We may collect personal information from:
– you directly;
– your employer or organisation;
– Agency Group companies and The Independents Group companies;
– clients, suppliers, event partners and business partners;
– publicly available sources, such as LinkedIn, professional directories, press sources, public registers and company websites;
– cookies, analytics tools and website technologies;
– service providers and contractors; and
– compliance screening providers and professional advisers.
We collect and use personal information for the purposes described in our General Privacy Notice, including:
– managing business relationships;
– communicating with you;
– providing or receiving services;
– administering contracts, projects, procurement, invoicing and accounts;
– organising and managing events;
– sending business updates, invitations and marketing communications;
– website operation, analytics, security and improvement;
– compliance, sanctions, anti-bribery, KYC and onboarding checks;
– internal reporting, group administration and business operations;
– protecting our business, systems, staff, clients and partners;
– corporate transactions, integrations, mergers, acquisitions, reorganisations or asset sales; and
– complying with legal and regulatory obligations.
Category of recipient 1: Agency Group companies and The Independents Group companies
– Purpose of disclosure: Group administration, reporting, business operations, relationship management and service delivery
Category of recipient 2: Service providers and contractors
– Purpose of disclosure: IT, hosting, CRM, communications, marketing, event administration, analytics, compliance screening and business support
Category of recipient 3: Professional advisers
– Purpose of disclosure: Legal, audit, accounting, insurance, banking and consultancy services
Category of recipient 4: Clients, suppliers, event partners and business partners
– Purpose of disclosure: Business relationship management, service delivery, project administration and event administration
Category of recipient 5: Regulators, authorities, courts and law enforcement
– Purpose of disclosure: Compliance with legal obligations, regulatory requirements and protection of rights
Category of recipient 6: Corporate transaction parties
– Purpose of disclosure: Mergers, acquisitions, reorganisations, investments, integrations, financing transactions or asset sales
In the preceding 12 months, we may have disclosed the following categories of personal information for business purposes:
– identifiers;
– personal information described in Cal. Civ. Code §1798.80;
– commercial information;
– internet or electronic network activity information;
– approximate geolocation data;
– professional or employment-related information;
– inferences; and
– sensitive personal information, only where relevant and necessary.
We do not sell personal information for monetary consideration.
However, under California law, “sale” and “sharing” can include certain disclosures of personal information to third parties through cookies, pixels, analytics, advertising or similar technologies, even where no money is exchanged. Where applicable, certain cookie, pixel, analytics, advertising or similar technologies may be considered a “sale” or “sharing” of personal information under California law, even where no money is exchanged.
Where applicable, we may “share” or “sell” the following categories of personal information for cross-context behavioural advertising, analytics or similar purposes:
Category of personal information 1: Identifiers, such as IP address, cookie IDs or online identifiers
– Categories of third parties: Analytics, advertising or marketing technology providers
– Purpose: Analytics, marketing measurement, advertising and website optimisation
Category of personal information 2: Internet or electronic network activity information
– Categories of third parties: Analytics, advertising or marketing technology providers
– Purpose: Website analytics, marketing measurement and advertising
Category of personal information 3: Inferences, such as business interests or marketing preferences
– Categories of third parties: Analytics, advertising or marketing technology providers
– Purpose: Marketing, audience insights and business development
You may opt out of sale or sharing by:
– using our cookie consent tool; or
– contacting us at DPO@the-independents.com.
We do not use or disclose sensitive personal information for purposes that require a right to limit under the CCPA, unless we provide you with a right to limit such use or disclosure.
Where we collect sensitive personal information, we do so only as reasonably necessary for permitted business purposes, such as security, compliance, account administration, legal obligations or provision of requested services.
We retain personal information only for as long as reasonably necessary for the purposes for which it was collected, including for legal, regulatory, tax, accounting, audit, reporting, security, compliance, corporate recordkeeping or dispute purposes.
In general:
Type of personal information 1: Business contact and relationship management data
– Indicative retention approach: Retained for the duration of our relationship with you or your organisation and for a reasonable period afterwards for business administration, relationship management and legal purposes
Type of personal information 2: Contract, project, procurement, invoicing and account records
– Indicative retention approach: Retained for the duration of the relevant relationship, contract or project and typically for 6–7 years afterwards, unless a longer period is required by law
Type of personal information 3: Marketing contact data
– Indicative retention approach: Retained until you unsubscribe, opt out or object, after which we may retain limited suppression details to ensure that we respect your preferences
Type of personal information 4: Event attendance and preference data
– Indicative retention approach: Retained for as long as necessary for event administration, relationship management and marketing purposes, unless you opt out earlier
Type of personal information 5: Website analytics and cookie data
– Indicative retention approach: Retained for the periods described in our Cookies Policy or cookie consent tool
Type of personal information 6: Compliance, sanctions, KYC and due diligence records
– Indicative retention approach: Retained for as long as necessary to satisfy legal, regulatory, audit, compliance and risk management requirements
Type of personal information 7: Complaints, disputes and legal claims records
– Indicative retention approach: Retained for the duration of the matter and for such period afterwards as necessary to protect our legal rights and comply with applicable limitation periods
Further details are set out in our Data Retention Policy, available on request.
Subject to applicable law, California residents may have the right to:
– know/access the personal information we collect, use, disclose, sell or share;
– request a copy of specific pieces of personal information;
– request correction of inaccurate personal information;
– request deletion of personal information;
– obtain a portable copy of personal information;
– opt out of sale or sharing of personal information;
– limit certain uses and disclosures of sensitive personal information, where applicable; and
– not be discriminated against for exercising CCPA rights.
To exercise your California privacy rights, please contact us at: DPO@the-independents.com
Where available, you may also use any privacy request form, cookie consent tool or opt-out link made available on the relevant Agency website.
We may need to verify your identity before responding to your request. The information required for verification may depend on the nature of your request and your relationship with us.
You may use an authorised agent to submit a privacy rights request on your behalf.
We may require the authorised agent to provide proof that you authorised them to act on your behalf. We may also require you to verify your identity directly with us or confirm that you provided the authorised agent with permission to submit the request.
We will not discriminate against you for exercising your rights under the CCPA.
We do not offer financial incentives or price or service differences in exchange for the collection, retention, sale or sharing of personal information, unless we provide you with separate notice as required by applicable law.
California residents may request information about certain disclosures of personal information to third parties for their own direct marketing purposes, where applicable.
To make such a request, please contact: DPO@the-independents.com
If you have questions about this Privacy Schedule or our privacy practices, please contact: DPO@the-independents.com
We may update this Privacy Schedule from time to time. The latest version will be made available on the relevant Agency website or otherwise provided as required by applicable law.
Updated: April 2026
This China Privacy Schedule supplements our General Privacy Notice and applies where the Personal Information Protection Law of the People’s Republic of China, together with applicable PRC data protection, cybersecurity and data security laws, applies to our processing of personal information.
For the purposes of this Privacy Schedule, “personal information”, “sensitive personal information”, “processing” and “personal information processor” have the meanings given under applicable PRC law.
Otherwise, unless defined herein, capitalised terms in this Privacy Schedule shall be as defined in our General Privacy Notice. In particular, “Agency” and “Agency Group” refer to the specific agency, legal entity or group of entities responsible for the relevant processing, as described in the General Privacy Notice.
The personal information processor responsible for your personal information will usually be the Agency Group entity with which you or your organisation has a relationship, or which operates the relevant website, event or service.
You may contact us at: DPO@the-independents.com
Please see our General Privacy Notice for details of the relevant local entity or representative. Where required by PRC law, other details will be provided separately.
We may process the following categories of personal information:
Category 1: Identity and contact information
– Examples: Name, employer, job title, business address, email address, telephone number, social media/professional profile details
Category 2: Business communications
– Examples: Emails, messages, meeting notes, call notes, event interactions and professional correspondence
Category 3: Profile and relationship information
– Examples: Preferences, event attendance, interests, feedback, marketing preferences and relationship management notes
Category 4: Technical and usage information
– Examples: IP address, browser type, device identifiers, website usage data, cookie and analytics information
Category 5: Compliance information
– Examples: Information used for sanctions, anti-bribery, KYC, onboarding, supplier/client screening and related checks
Category 6: Financial and transaction information
– Examples: Invoicing details, payment information, purchase order details and transaction records
Category 7: Other information
– Examples: Information you or your organisation provide to us in the course of business
We process personal information by electronic and, where necessary, manual means for the following purposes:
– managing our business relationship with you or your organisation;
– communicating with you;
– providing or receiving services;
– administering contracts, projects, accounts, procurement and payments;
– organising and managing events;
– conducting compliance, sanctions, anti-bribery, KYC and onboarding checks;
– sending business updates, invitations and marketing communications, where permitted;
– maintaining and improving our website, systems, services and operations;
– managing group administration, reporting and internal business operations;
– protecting our business, systems, staff, clients and partners;
– managing corporate transactions, reorganisations or integrations; and
– complying with legal, regulatory, tax, accounting and reporting obligations.
We do not usually seek to collect sensitive personal information from business contacts.
Where we need to process sensitive personal information, we will do so only where there is a specific purpose and sufficient necessity, and where required by PRC law we will obtain your separate consent.
Sensitive personal information may include information such as identification documents, financial account information, precise location data, health information, biometric information or other information treated as sensitive under PRC law.
We may share or entrust processing of your personal information with the categories of recipients described in our General Privacy Notice, including:
– Agency Group and The Independents Group companies;
– IT, hosting, CRM, email, marketing and system administration providers;
– event partners and business partners;
– professional advisers, including lawyers, auditors, insurers and accountants;
– compliance screening providers;
– regulators, courts, public authorities and law enforcement bodies; and
– parties involved in corporate transactions, reorganisations or integrations.
Where required by PRC law, we will provide additional details and/or obtain separate consent before sharing your personal information with another independent personal information processor.
Because we are part of an international group, your personal information may be transferred outside Mainland China to Agency Group entities, The Independents Group entities, clients, business partners and service providers in other jurisdictions, including the UK, EEA, United States, Hong Kong, Singapore, Japan, Korea, Switzerland, UAE and other countries in which we, our group companies, clients or service providers operate.
Where required by PRC law, we will implement an appropriate cross-border transfer mechanism, which may include:
– obtaining your separate consent;
– conducting a personal information protection impact assessment;
– entering into the PRC standard contract for cross-border transfer of personal information;
– completing a security assessment where required; and/or
– applying other lawful transfer mechanisms recognised under PRC law.
Where required by PRC law, we will provide additional details of overseas recipients, including their name or category, contact details, country or region, processing purposes, processing methods, categories of personal information, retention period and how you may exercise your rights.
The table set out in the Appendix to this Privacy Schedule provides an overview of the categories of overseas recipients to whom personal information may be transferred. Where PRC law requires more specific details of named overseas recipients, these will be provided separately or on request, as required by applicable law.
We retain personal information only for the period necessary for the purposes described in this Privacy Schedule and our General Privacy Notice, unless a longer retention period is required or permitted by law.
When personal information is no longer required, we will delete it, anonymise it or otherwise handle it in accordance with applicable PRC law and our retention policies.
We do not use your personal information to make decisions based solely on automated processing that produce legal or similarly significant effects on you, unless we notify you separately and do so in accordance with applicable law.
Where we use automated tools, analytics or profiling in connection with our services, we will do so in accordance with applicable law. Where PRC law applies, you may have the right to request an explanation of automated decision-making and to refuse decisions made solely by automated decision-making where such decisions have a significant impact on your rights and interests.
Subject to applicable PRC law, you may have the right to:
– know and decide about the processing of your personal information;
– restrict or refuse processing;
– access and copy your personal information;
– correct or supplement inaccurate or incomplete personal information;
– request deletion of your personal information;
– withdraw consent where processing is based on consent;
– request an explanation of our personal information processing rules; and
– request transfer of your personal information where applicable legal conditions are met.
To exercise your rights, please contact: DPO@the-independents.com
We may need to verify your identity before responding to your request.
Updated: April 2026
Overseas recipient 1: Agency Group companies and The Independents Group entities outside Mainland China
– Country / region: UK, EEA, United States, Hong Kong, Singapore, Japan, Korea, Switzerland, UAE and other jurisdictions where group entities operate
– Purpose of transfer: Group administration, business relationship management, service delivery, reporting, finance, legal, compliance, IT support, management oversight and internal operations
– Categories of personal information: Identity and contact information, business communications, profile and relationship information, technical and usage information, compliance information, financial and transaction information and other relevant business information
– Processing method: Access, storage, use, organisation, analysis, transmission, hosting, support and reporting
– Retention period: As described in our General Privacy Notice, this Privacy Schedule and our applicable retention policies; generally for as long as necessary for the relevant business, legal, compliance, contractual or operational purpose
– How to exercise rights: DPO@the-independents.com
Overseas recipient 2: IT, hosting, cloud, CRM, email, collaboration and system administration providers
– Country / region: UK, EEA, United States, Hong Kong, Singapore and other jurisdictions depending on the provider and system used
– Purpose of transfer: Hosting, storage, IT support, system administration, cybersecurity, CRM management, email communications, collaboration tools and business continuity
– Categories of personal information: Identity and contact information, business communications, technical and usage information, profile and relationship information and other information stored in relevant systems
– Processing method: Hosting, storage, access, transmission, support, maintenance, security monitoring and troubleshooting
– Retention period: For the duration of the relevant service and thereafter as required by contract, law or applicable retention policy
– How to exercise rights: DPO@the-independents.com
Overseas recipient 3: Clients, brands, event partners, production partners and business partners
– Country / region: Relevant client or partner jurisdictions, which may include the UK, EEA, United States, Hong Kong, Singapore, Japan, Korea, UAE and other event or project locations
– Purpose of transfer: Delivering services, managing campaigns, events, productions, collaborations, guestlists, logistics, reporting, client communications and business relationships
– Categories of personal information: Identity and contact information, business communications, profile and relationship information, event or project information, logistics information and other information relevant to the specific service
– Processing method: Access, use, transmission, organisation, analysis, reporting and project administration
– Retention period: For the duration of the relevant project, event, campaign or business relationship and thereafter as required for legal, contractual, audit, reporting or dispute purposes
– How to exercise rights: DPO@the-independents.com
Overseas recipient 4: Event, travel, hospitality, logistics and production service providers
– Country / region: Event, travel or production destination countries and provider locations, which may include the UK, EEA, United States, Hong Kong, Singapore, Japan, Korea, UAE and other jurisdictions
– Purpose of transfer: Event administration, travel booking, accommodation, transport, hospitality, access control, security, production support and related logistics
– Categories of personal information: Identity and contact information, travel information, passport or identification details where necessary, accommodation details, event attendance, dietary/accessibility information where relevant and other logistics information
– Processing method: Access, use, transmission, booking, coordination, storage and support
– Retention period: For the duration of the relevant booking, event, travel, production or logistics purpose and thereafter only as required for legal, audit, security, insurance or dispute purposes
– How to exercise rights: DPO@the-independents.com
Overseas recipient 5: Finance, accounting, payment, banking and professional services providers
– Country / region: UK, EEA, United States, Hong Kong, Singapore, Switzerland and other jurisdictions depending on the provider
– Purpose of transfer: Payments, invoicing, accounting, audit, tax, banking, legal, insurance, compliance and professional advisory services
– Categories of personal information: Identity and contact information, financial and transaction information, invoices, payment details, purchase order information, tax/accounting information and relevant business communications
– Processing method: Access, use, storage, transmission, review, reporting, audit and professional advice
– Retention period: For the period required for payment, accounting, tax, audit, legal, regulatory and dispute purposes, in accordance with applicable law and our retention policies
– How to exercise rights: DPO@the-independents.com
Overseas recipient 6: Compliance screening, sanctions, anti-bribery, KYC and onboarding providers
– Country / region: UK, EEA, United States and other jurisdictions depending on the provider
– Purpose of transfer: Supplier/client screening, sanctions checks, anti-bribery checks, onboarding, compliance, risk management and regulatory recordkeeping
– Categories of personal information: Identity and contact information, employer/company information, role/title, due diligence information, screening results and relevant compliance information
– Processing method: Access, screening, matching, review, storage, reporting and transmission
– Retention period: For as long as necessary for compliance, legal, audit, regulatory, risk management and dispute purposes
– How to exercise rights: DPO@the-independents.com
Overseas recipient 7: Professional advisers, regulators, courts, public authorities and law enforcement bodies
– Country / region: Relevant jurisdictions depending on the matter
– Purpose of transfer: Legal advice, audit, insurance, regulatory compliance, litigation, investigations, enforcement, reporting and protection of rights
– Categories of personal information: Relevant categories of personal information necessary for the relevant legal, regulatory, audit, insurance, investigation or dispute purpose
– Processing method: Access, use, disclosure, transmission, review, storage and professional analysis
– Retention period: For as long as required or permitted by applicable law, professional obligations, regulatory requirements, litigation hold, audit or dispute purposes
– How to exercise rights: DPO@the-independents.com
Overseas recipient 8: Parties involved in corporate transactions, reorganisations, integrations, investments or asset sales
– Country / region: Relevant jurisdictions depending on the transaction
– Purpose of transfer: Due diligence, transaction planning, corporate integration, restructuring, investment, merger, acquisition or asset sale
– Categories of personal information: Identity and contact information, business communications, financial and transaction information, contractual information, compliance information and other information relevant to the transaction
– Processing method: Access, review, analysis, disclosure, storage, transmission and integration planning
– Retention period: For the duration of the transaction process and thereafter as required for legal, regulatory, audit, corporate recordkeeping or dispute purposes
– How to exercise rights: DPO@the-independents.com
Overseas recipient 9: The Independents Group entities outside Mainland China
– Country / region: UK, EEA, United States, Hong Kong, Singapore, Japan, Korea, Switzerland, UAE and other jurisdictions where group entities operate
– Purpose of transfer: Group administration, business relationship management, service delivery, reporting, finance, legal, compliance, IT support, management oversight and internal operations
– Categories of personal information: Identity and contact information, business communications, profile and relationship information, technical and usage information, compliance information, financial and transaction information and other relevant business information
– Processing method: Access, storage, use, organisation, analysis, transmission, hosting, support and reporting
– Retention period: As described in our General Privacy Notice, this Privacy Schedule and our applicable retention policies; generally for as long as necessary for the relevant business, legal, compliance, contractual or operational purpose
– How to exercise rights: DPO@the-independents.com
Overseas recipient 10: IT, hosting, cloud, CRM, email, collaboration and system administration providers
– Country / region: UK, EEA, United States, Hong Kong, Singapore and other jurisdictions depending on the provider and system used
– Purpose of transfer: Hosting, storage, IT support, system administration, cybersecurity, CRM management, email communications, collaboration tools and business continuity
– Categories of personal information: Identity and contact information, business communications, technical and usage information, profile and relationship information and other information stored in relevant systems
– Processing method: Hosting, storage, access, transmission, support, maintenance, security monitoring and troubleshooting
– Retention period: For the duration of the relevant service and thereafter as required by contract, law or applicable retention policy
– How to exercise rights: DPO@the-independents.com
Overseas recipient 11: Clients, brands, event partners, production partners and business partners
– Country / region: Relevant client or partner jurisdictions, which may include the UK, EEA, United States, Hong Kong, Singapore, Japan, Korea, UAE and other event or project locations
– Purpose of transfer: Delivering services, managing campaigns, events, productions, collaborations, guestlists, logistics, reporting, client communications and business relationships
– Categories of personal information: Identity and contact information, business communications, profile and relationship information, event or project information, logistics information and other information relevant to the specific service
– Processing method: Access, use, transmission, organisation, analysis, reporting and project administration
– Retention period: For the duration of the relevant project, event, campaign or business relationship and thereafter as required for legal, contractual, audit, reporting or dispute purposes
– How to exercise rights: DPO@the-independents.com or, where appropriate, the relevant client or partner identified to you
Overseas recipient 12: Event, travel, hospitality, logistics and production service providers
– Country / region: Event, travel or production destination countries and provider locations, which may include the UK, EEA, United States, Hong Kong, Singapore, Japan, Korea, UAE and other jurisdictions
– Purpose of transfer: Event administration, travel booking, accommodation, transport, hospitality, access control, security, production support and related logistics
– Categories of personal information: Identity and contact information, travel information, passport or identification details where necessary, accommodation details, event attendance, dietary/accessibility information where relevant and other logistics information
– Processing method: Access, use, transmission, booking, coordination, storage and support
– Retention period: For the duration of the relevant booking, event, travel, production or logistics purpose and thereafter only as required for legal, audit, security, insurance or dispute purposes
– How to exercise rights: DPO@the-independents.com
This Japan Privacy Schedule supplements our General Privacy Notice and applies where the Act on the Protection of Personal Information of Japan applies to our processing of personal information.
For the purposes of this Privacy Schedule, “personal information”, “personal data”, “retained personal data”, “special care-required personal information” and related terms have the meanings given under Japanese law.
Otherwise, unless defined herein, capitalised terms in this Privacy Schedule shall be as defined in our General Privacy Notice. In particular, “Agency” and “Agency Group” refer to the specific agency, legal entity or group of entities responsible for the relevant processing, as described in the General Privacy Notice.
The business operator responsible for handling your personal information will usually be the Agency Group entity with which you or your organisation has a relationship, or which operates the relevant website, event or service.
You may contact us at: DPO@the-independents.com
Where required by Japanese law, details of the relevant entity, including its name, address and representative, will be provided separately or on request. Please see our General Privacy Notice for further details.
We may process the following categories of personal information:
Category 1: Identity and contact information
– Examples: Name, employer, job title, business address, email address, telephone number, professional profile details
Category 2: Business communications
– Examples: Emails, messages, meeting notes, event interactions and professional correspondence
Category 3: Profile and relationship information
– Examples: Preferences, event attendance, interests, feedback, marketing preferences and relationship management notes
Category 4: Technical and usage information
– Examples: IP address, browser type, device identifiers, website usage, cookie and analytics information
Category 5: Compliance information
– Examples: Information used for sanctions, anti-bribery, KYC, onboarding, supplier/client screening and related checks
Category 6: Financial and transaction information
– Examples: Invoicing details, payment information, purchase order details and transaction records
Category 7: Other information
– Examples: Information you or your organisation provide to us in the course of business
We use personal information for the purposes described in our General Privacy Notice, including:
– managing our business relationship with you or your organisation;
– communicating with you;
– providing or receiving services;
– administering contracts, projects, accounts, procurement and payments;
– organising and managing events;
– conducting compliance, sanctions, anti-bribery, KYC and onboarding checks;
– sending business updates, invitations and marketing communications, where permitted;
– maintaining and improving our website, systems, services and operations;
– group administration, reporting and internal business operations;
– protecting our business, systems, staff, clients and partners;
– corporate transactions, reorganisations and integrations; and
– complying with legal, regulatory, tax, accounting and reporting obligations.
We will not use personal information beyond these purposes except where permitted by applicable law.
We do not usually seek to collect special care-required personal information from business contacts.
Where we process special care-required personal information, we will do so only where permitted by Japanese law and, where required, with your consent.
We may provide personal information to third parties as described in our General Privacy Notice, including:
– Agency Group and The Independents Group companies;
– IT, hosting, CRM, email, marketing, analytics and system administration providers;
– event partners and business partners;
– professional advisers;
– compliance screening providers;
– regulators, courts, public authorities and law enforcement bodies; and
– parties involved in corporate transactions, reorganisations or integrations.
Where required by Japanese law, we will obtain consent before providing personal data to a third party, unless an exception applies.
Because we are part of an international group, personal information may be transferred outside Japan to Agency Group entities, The Independents Group entities and service providers in other jurisdictions, including the EEA, UK, United States, Hong Kong, Singapore, Korea, PRC / Mainland China, Switzerland, UAE and other jurisdictions in which we or our service providers operate.
Where required by Japanese law, before transferring personal data to a third party outside Japan, we will obtain consent or rely on another permitted transfer mechanism. Where required, we will provide information about the recipient country, the data protection system in that country and the measures taken by the recipient to protect personal data.
You may contact us for further information about overseas transfers.
Where permitted by Japanese law, personal information may be jointly used within Agency Group and The Independents Group for the purposes described in this Privacy Schedule.
Item 1: Categories of jointly used personal information
– Details: Identity and Contact Data, Business Communications, Profile Data, Technical Data, Due Diligence and Compliance Data, Financial and Transaction Data and other relevant business contact information
Item 2: Scope of joint users
– Details: Agency Group companies and The Independents Group companies
Item 3: Purposes of joint use
– Details: Business relationship management, service delivery, group administration, reporting, marketing, compliance, internal operations, systems management and corporate transactions
Item 4: Entity responsible for joint use
– Details: The relevant Agency Group entity with which you or your organisation has a relationship, or such other group entity identified to you where required
Item 5: Contact
– Details: DPO@the-independents.com
Where Japanese law requires more specific information about the responsible entity, including its name, address and representative, this will be provided in the General Privacy Notice, a separate Japan local notice, on our website or otherwise as required by Japanese law. Please see our General Privacy Notice for further details.
We take appropriate security control measures to protect personal information from unauthorised access, loss, destruction, alteration, leakage or disclosure.
These measures may include access controls, confidentiality obligations, staff training, internal policies, technical security measures, vendor management, incident response procedures and other organisational, technical and administrative safeguards.
Further information about our security control measures is available on request, subject to protection of security-sensitive information.
We retain personal information only for as long as reasonably necessary for the purposes for which it was obtained, including to manage business relationships, provide or receive services, administer projects, accounts and events, maintain business records, comply with legal, regulatory, tax, accounting and reporting obligations, resolve disputes and protect our legal rights.
In general:
Type of personal information 1: Business contact and relationship management data
– Indicative retention approach: Retained for the duration of our relationship with you or your organisation and for a reasonable period afterwards
Type of personal information 2: Contract, project, procurement, invoicing and account records
– Indicative retention approach: Retained for the duration of the relevant relationship, contract or project and typically for 6–7 years afterwards, unless a longer period is required by law
Type of personal information 3: Marketing contact data
– Indicative retention approach: Retained until you unsubscribe, opt out or object, after which we may retain limited suppression details
Type of personal information 4: Event attendance and preference data
– Indicative retention approach: Retained for as long as necessary for event administration, relationship management and marketing purposes
Type of personal information 5: Website analytics and cookie data
– Indicative retention approach: Retained for the periods described in our Cookies Policy or cookie consent tool
Type of personal information 6: Compliance, sanctions, KYC and due diligence records
– Indicative retention approach: Retained for as long as necessary for legal, regulatory, audit, compliance and risk management purposes
Type of personal information 7: Complaints, disputes and legal claims records
– Indicative retention approach: Retained for the duration of the matter and for such period afterwards as necessary to protect our legal rights
Further details are set out in our Data Retention Policy, available on request.
Subject to applicable Japanese law, you may have rights to request:
– notification of purposes of use;
– disclosure of retained personal data;
– disclosure of records of third-party provision, where applicable;
– correction, addition or deletion;
– suspension of use;
– erasure;
– suspension of third-party provision; and
– other rights recognised under Japanese law.
To exercise your rights, please contact: DPO@the-independents.com
We may need to verify your identity before responding. Where permitted by law, we may charge a reasonable fee for certain requests.
If you have questions or complaints about our handling of personal information in Japan, please contact us at: DPO@the-independents.com
You may also contact the Personal Information Protection Commission of Japan, where applicable.
Updated: April 2026
This Korea Privacy Schedule supplements our General Privacy Notice and applies where the Personal Information Protection Act of Korea applies to our processing of personal information.
For the purposes of this Privacy Schedule, “personal information”, “processing”, “data subject” and related terms have the meanings given under Korean law.
Otherwise, unless defined herein, capitalised terms in this Privacy Schedule shall be as defined in our General Privacy Notice. In particular, “Agency” and “Agency Group” refer to the specific agency, legal entity or group of entities responsible for the relevant processing, as described in the General Privacy Notice.
The controller responsible for your personal information will usually be the Agency Group entity with which you or your organisation has a relationship.
You may contact our privacy team at: DPO@the-independents.com
Where required, we will identify a local privacy officer or responsible contact separately.
We process the following personal information for the following purposes:
Categories of personal information 1: Name, employer, job title, business address, email address, telephone number
– Purposes of processing: Business relationship management, communications, providing or receiving services, event invitations and administration
– Retention period: For the duration of the business relationship and thereafter as necessary for legal, regulatory, accounting, dispute or legitimate business purposes
Categories of personal information 2: Emails, messages, meeting notes, call notes and business correspondence
– Purposes of processing: Project administration, relationship management, responding to requests, record keeping
– Retention period: As necessary for the relevant business purpose and in accordance with our Data Retention Policy
Categories of personal information 3: Preferences, event attendance, interests, marketing preferences
– Purposes of processing: Event management, marketing, business development and relationship management
– Retention period: Until opt-out/withdrawal or as otherwise required by law or our Data Retention Policy
Categories of personal information 4: IP address, browser type, device identifiers, cookie and website usage data
– Purposes of processing: Website operation, analytics, security and improvement
– Retention period: As described in our Cookies Policy or Data Retention Policy
Categories of personal information 5: Compliance, sanctions, anti-bribery, KYC or onboarding information
– Purposes of processing: Legal and regulatory compliance, risk management and screening
– Retention period: As required for compliance purposes and applicable limitation periods
Categories of personal information 6: Invoicing, payment, purchase order and transaction information
– Purposes of processing: Accounts, payments, procurement, financial administration and tax/accounting compliance
– Retention period: As required by tax, accounting and legal obligations
We do not usually collect sensitive information or unique identification information from business contacts. Where we are required to process such information, we will obtain consent where required by Korean law.
We may provide personal information to third parties where necessary for the purposes described in our General Privacy Notice, where permitted by law or where you have consented.
Where required by Korean law, we will provide specific details of third-party provision, including the recipient, purpose, items provided, retention period and whether consent is required.
Current third-party provision arrangements may include:
Recipient 1: Agency Group / The Independents Group entities
– Purpose: Group administration, business relationship management, reporting, service delivery and internal operations
– Items provided: Identity, Contact, Business Communications, Profile, Compliance and Transaction Data as relevant
– Retention/use period: As necessary for the relevant purpose and in accordance with our Data Retention Policy
Recipient 2: Professional advisers, regulators or transaction counterparties
– Purpose: Legal, audit, insurance, regulatory, compliance or corporate transaction purposes
– Items provided: Relevant personal information necessary for the relevant legal, audit, insurance, regulatory, compliance or transaction purpose
– Retention/use period: As necessary for the relevant purpose or as required by law
We may outsource processing of personal information to service providers who process personal information on our behalf.
Outsourced processing may include:
Outsourced processor / category 1: IT, hosting and cloud service providers
– Outsourced function: Hosting, storage, security, infrastructure and system support
Outsourced processor / category 2: CRM and business systems providers
– Outsourced function: Contact management, relationship management and business administration
Outsourced processor / category 3: Email and communications providers
– Outsourced function: Email, messaging, communications and collaboration tools
Outsourced processor / category 4: Marketing and event platforms
– Outsourced function: Event invitations, event administration, marketing communications and preference management
Outsourced processor / category 5: Analytics and cookie providers
– Outsourced function: Website analytics, performance measurement, cookie management, usage reporting and service improvement
Outsourced processor / category 6: Professional advisers
– Outsourced function: Legal, audit, insurance, accounting and consultancy support
Outsourced processor / category 7: Compliance screening providers
– Outsourced function: Sanctions, anti-bribery, KYC and onboarding checks
We supervise outsourced processors in accordance with Korean law and require appropriate contractual and security controls.
Where Korean law requires publication of named processors, the names and details of relevant processors will be made available on request or in a separate Korean local notice, on the Agency’s website, or otherwise as required by applicable law. Please see our General Privacy Notice for further details.
Your personal information may be transferred outside Korea to The Independents Group entities and service providers in other jurisdictions, including the UK, EEA, United States, Hong Kong, Singapore, Japan, Switzerland, UAE and other jurisdictions in which we or our service providers operate.
Where required by Korean law, we will provide further details and obtain consent or rely on another lawful basis for overseas transfer.
Recipient / category 1: The Independents Group entities
– Country / region: UK, EEA, United States, Hong Kong, Singapore, Japan, Switzerland, UAE and other relevant jurisdictions
– Date and method of transfer: Ongoing / secure electronic transfer, remote access or system access
– Purpose of transfer: Group administration, business relationship management, reporting, service delivery, finance, legal, compliance, IT support and internal operations
– Items transferred: Identity and contact information, business communications, profile and relationship information, compliance information, financial and transaction information and other relevant business information
– Retention / use period: As necessary for the relevant purpose and in accordance with our Data Retention Policy
Recipient / category 2: IT, hosting, cloud, CRM, email and collaboration providers
– Country / region: Various jurisdictions depending on the provider
– Date and method of transfer: Ongoing / secure electronic transfer, hosting or remote access
– Purpose of transfer: Hosting, storage, CRM, communications, IT support, system administration, cybersecurity and business continuity
– Items transferred: Identity and contact information, business communications, technical and usage information and other information stored in relevant systems
– Retention / use period: For the duration of the relevant service and thereafter as required by contract, law or our Data Retention Policy
Recipient / category 3: Marketing, event and analytics platforms
– Country / region: Various jurisdictions depending on the provider
– Date and method of transfer: Ongoing / secure electronic transfer, platform access or cookie/analytics collection
– Purpose of transfer: Event invitations, event administration, marketing communications, preference management, analytics and service improvement
– Items transferred: Identity and contact information, marketing preferences, event information, technical and usage information and engagement information
– Retention / use period: As necessary for the relevant purpose and in accordance with our Data Retention Policy
Recipient / category 4: Finance, payment, accounting and professional service providers
– Country / region: Various jurisdictions depending on the provider
– Date and method of transfer: As needed / secure electronic transfer or remote access
– Purpose of transfer: Payments, invoicing, accounting, audit, tax, legal, insurance, compliance and professional advisory services
– Items transferred: Identity and contact information, financial and transaction information, invoices, payment details, purchase order information and relevant business communications
– Retention / use period: As required for payment, accounting, tax, audit, legal, regulatory and dispute purposes
Recipient / category 5: Compliance screening providers
– Country / region: Various jurisdictions depending on the provider
– Date and method of transfer: As needed / secure electronic transfer or platform access
– Purpose of transfer: Sanctions, anti-bribery, KYC, onboarding, supplier/client screening and risk management
– Items transferred: Identity and contact information, employer/company information, role/title, due diligence information, screening results and relevant compliance information
– Retention / use period: As long as necessary for compliance, legal, audit, regulatory, risk management and dispute purposes
When personal information is no longer required, we will destroy it without undue delay unless retention is required by law or necessary for legitimate business purposes.
Electronic records will be deleted or anonymised using appropriate technical measures. Paper records, where any exist, will be shredded, securely destroyed or otherwise disposed of securely.
We maintain appropriate technical, organisational and administrative safeguards to protect personal information, including access controls, system security, confidentiality obligations, internal policies, training, monitoring and incident response procedures.
Subject to applicable law, you may request:
– access to your personal information;
– correction of inaccurate personal information;
– deletion of personal information;
– suspension of processing;
– withdrawal of consent; and
– information about processing, third-party provision, outsourcing and overseas transfers.
To exercise your rights, please contact: DPO@the-independents.com
We may need to verify your identity before responding.
If you have concerns about our processing of your personal information, please contact us first at: DPO@the-independents.com
You may also contact the Korean Personal Information Protection Commission or other relevant Korean authorities.
Updated: April 2026