For how we use your information that is collected using cookies and similar technologies please see the “Cookies” section below.

Do we pass your information to third parties?

We may send your personal information to other Design Bridge and Partners and WPP group companies, affiliates and third parties to help us process your personal information for the purposes set out in this policy. Further details of our group companies can be found here.

We may disclose your personal information if we or any of our assets are the subject of a sale or similar corporate transaction. We will ensure that the third parties who receive your personal information are required to keep it confidential.

We may disclose personal information to third parties when we reasonably believe we are required by law, and in order to investigate, prevent, or take action regarding suspected or actual unlawful or otherwise prohibited activities, including, but not limited to, fraud.

Where do we send your information?

We are a global company and therefore we may transfer your personal information to countries around the world including the US and other countries outside of the UK and Europe. We will, where the country to which your data is transferred has not been found to provide an adequate level of protection, put in place appropriate safeguards (we use standard contractual clauses) to ensure your information is protected.

How long do we keep your information?

We only keep your personal information for as long as we need to, to be able to use it for the reasons given in this privacy notice, and for as long as we are required to keep it by law. For example, following a job application we may keep your information to inform you of any other opportunities that become available; however, we will only keep your information for a limited period and your details will not be kept longer than is reasonably necessary or as required by law.

Third Party Websites

Our website links to third party sites which we do not operate or endorse. These websites may use cookies and collect your personal information in accordance with their own privacy policies. This privacy policy does not apply to third party websites and we are not responsible for third party websites.

How do we protect your information?

We take appropriate technical and organisational measures to ensure that your personal information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used.

Children’s Privacy

This website is not intended or designed to attract children under the age of 16. We do not knowingly collect personal information from or about any person under the age of 16. If you are under 16 years old and wish to ask a question or use this site in any way which requires you to submit your personal information, please get your parent or guardian to do so on your behalf.

Your rights

You are entitled to ask:

1. for a copy of the personal information we hold about you, and details about how we are processing your personal information;
2. to have any inaccuracies in your personal information corrected;
3. if we are processing your personal information by automated means and on the basis of your consent (see “How do we use it?”, above), for us to provide your personal information to you in a structured, commonly-used and machine-readable format. You can also ask us to provide your personal information directly to a third party in this format, and, if technically feasible, we will do so; and
4. to have your personal information erased, or for our use of it to be restricted (for example, if your preferences change, or if you don’t want us to send you the information you have requested).

Please contact us using the details set out below if you would like to exercise any of these rights.

You also have the right to make a complaint to the supervisory authority if you’re not happy with how we’ve handled your personal information. Please refer to the data protection authority where you are located. In the UK, the supervisory authority is the Information Commissioner’s Office (http://www.ico.org.uk).

Responsible Disclosures

Design Bridge and Partners appreciates and values the identification and reporting of security vulnerabilities carried out by well-intentioned, ethical security researchers. Please read our Responsible Disclosures Policy in full below.

How to contact us

If you wish to exercise any of your rights in relation to your personal information or if you have any queries about how we use your personal information, please let us know by contacting us at the following address: Design Bridge and Partners, Sea Containers House, 18 Upper Ground, London, SE1 9PD, or by email at hello@designbridge.com

Changes to this privacy policy

We review this privacy policy on a regular basis to ensure that it is up-to-date with our use of your personal information, and compliant with applicable data protection laws.

We reserve the right, at our discretion, to revise this privacy policy at any time. The updated privacy policy will be posted on our website. You are encouraged to review this privacy policy from time to time.

Last Updated 20th September 2024

At Design Bridge and Partners we are committed to ensuring that your personal information is protected and never misused.

Our privacy policy explains what personal information we collect, why we collect it, how we use it, the controls you have over your personal information and the procedures that we have in place to protect your privacy. It applies to personal information we collect through public sources (eg LinkedIn) as well as CVs and other documents you send to us.

By sharing your personal information with us, you confirm that you have read and understood the terms of this privacy policy. We take responsibility for the personal information we collect about you, and we aim to be transparent about how we handle it, and give you control over it.

In this privacy policy, when we refer to “Design Bridge and Partners", "us", "we" or "our", we mean Design Bridge and Partners Limited and its operating companies. If you have any questions, comments or concerns about any aspect of this policy or how Design Bridge and Partners handles your information please email our privacy team at talent@designbridge.com

What personal information do we collect?

We collect personal information from you in several different ways; you may share that information with us, or we may collect it using other means. In this section, we explain the different ways we collect personal information from you and some ways in which that information will be used. For more detail on how we use your personal information, please see the section titled How do we use your personal information?

We collect personal information that you share with us when you contact us or interact with us through our website, email, phone or otherwise. You can decide not to provide certain information, or ask that any information you have previously shared is removed. If you do so, you may not be able to take full advantage of a career at Design Bridge and Partners and progress an application. For example, you may provide information to us when in contact about an opportunity to work at Design Bridge and Partners, sharing a CV or Resume or other career information.

Through these interactions you may share with us: your name, address, email address, postal address, contact number, career history (usually in the form of a CV) as well as any other personally identifiable information you include in your interactions with Design Bridge and Partners. We may also ask for additional information to assist us with our recruitment process and in the event you are offered a job.

How do we use your personal information?

We may share your personal information with companies in the WPP Group, and given the global nature of our company, your personal information may be transferred from one jurisdiction to another. When we make such transfers, we do so in accordance with data protection legislation, for example by using Standard Contractual Clauses where information is transferred from Design Bridge and Partners in the European Economic Area to Design Bridge and Partners in the United States of America.

By submitting your personal information to us, you agree to us transferring, storing and handling your personal information in this way. We share your personal information with certain third parties who provide services on our behalf. They only have access to the personal information they need to perform those services. They are required to keep your personal information confidential and may not use it other than as we ask them to and always in accordance with this privacy policy.

We use the personal information you share with us in the following ways:

• To communicate with you;
• To provide you with updates about your Design Bridge and Partners application;
• To provide services and support for any application you make;
• To facilitate any application you make to Design Bridge and Partners;
• To provide updates to you about any changes to Design Bridge and Partners’ policies, terms and conditions and any other matters which we may need to tell you;
• If you have asked us to keep you informed of other opportunities at Design Bridge and Partners, we may periodically contact you to tell you about these; and
• To respond to your queries and requests.

We are required by law to state a “legal basis for processing”, i.e. to tell you on what grounds we are allowed to use your information. In order to assess your suitability for a role or process and consider your job application, we rely upon legitimate interests for the processing of your personal information as described above.

Contacting you in the future

If you have asked us to we will keep you informed of other opportunities at Design Bridge and Partners. We do this in various ways, including email, post, SMS, via social media platforms and by phone, but only if you are happy for us to do so. We keep your information for a period of time reasonable to fulfill this purpose. If you would like more information on how we share your personal information, please email our privacy team at talent@designbridge.com

Links to third party websites

We may provide links to other websites which are not operated and controlled by Design Bridge and Partners. We have no control over and are not responsible for the content of those sites or how the third parties responsible for them collect and use your personal information. We do not endorse or make any representations about third party websites.

Third party websites may have their own privacy policies explaining how they use and share your personal information. You should carefully review those privacy policies before you use these websites to make sure that you are happy with how your personal information is being collected and shared.

How long do we keep your personal information?

We will retain your personal information for as long as needed for the purposes for which it was collected. If we do not employ you, we may retain your personal information for up to 2 years for legal, analytical and system administration purposes and to consider you for potential future roles. Thereafter, we may retain a minimal amount of your personal data to record your recruiting activity with us. If you are successful in your application, we will retain your information in accordance with our Design Bridge and Partners Fair Processing Notice. A copy of this Notice will be provided to you upon joining Design Bridge and Partners.

Informing us of changes

If any of the information that you have provided to Design Bridge and Partners changes, for example if you change your email address, name or postal address, you can update, amend or request removal of information by submitting a request to talent@designbridge.com.

How do we protect your personal information?

We use appropriate technical and organisational measures, including encryption, to protect your personal information and privacy, and review those regularly. We protect your personal information using a combination of physical and IT security controls, including access controls that restrict and manage the way in which your personal information and data is processed, managed and handled. Whilst we cannot guarantee the security of your personal information, we commit to taking all reasonable steps to do so.

Your rights

You are entitled to ask:

1. for a copy of the personal information we hold about you, and details about how we are processing your personal information;
2. to have any inaccuracies in your personal information corrected;
3. if we are processing your personal information by automated means and on the basis of your consent (see “How do we use it?”, above), for us to provide your personal information to you in a structured, commonly-used and machine-readable format. You can also ask us to provide your personal information directly to a third party in this format, and, if technically feasible, we will do so; and
4. to have your personal information erased, or for our use of it to be restricted (for example, if your preferences change, or if you don’t want us to send you the information you have requested).
5. Please contact us using the details set out below if you would like to exercise any of these rights. You also have the right to make a complaint to the supervisory authority if you’re not happy with how we’ve handled your personal information. In the UK, the supervisory authority is the Information Commissioner’s Office (http://www.ico.org.uk).

Changes to this privacy policy

We will review and update this privacy policy from time to time and will note the date it was last updated below.

Contact us

If you have any questions, comments or concerns, or would like to make a complaint about how we use the personal information we hold about you, please email our privacy team. You can contact our privacy team at any time at hello@designbridge.com. We will get back to you as soon as possible.

Design Bridge and Partners CALIFORNIA CONSUMER PRIVACY NOTICE FOR JOB APPLICANTS

Date Last Updated: 25th April 2025

1. ABOUT THIS PRIVACY NOTICE

1.1. During the course of our activities we, Design Bridge and Partners, will process personal information (which may be held on paper, electronically, or otherwise) about applicants for roles in our business and we recognize the need to treat it in an appropriate and lawful manner, in accordance with the California Privacy Rights Act (CPRA) and other applicable data protection laws. The purpose of this privacy notice (“Notice”) is to make you aware of how we, as a Business, will handle your personal information. This notice applies to job applicants (“Applicant”) who are residents of the State of California. 1.2. This Notice also serves as our “Notice at Collection” under the CPRA.
1.3. We may amend this notice at any time, for which we do not require Applicant approval, but we will keep Applicants informed of material changes.

2. DATA PROTECTION PRINCIPLES

2.1. We will comply with the following data protection principles and such additional conditions for processing as may be relevant under applicable law, which include: (a) Lawfulness, fairness and transparency. (b) Purpose limitation. (c) Data minimization. (d) Data accuracy. (e) Storage limitation. (f) Integrity and confidentiality. (g) Accountability. 2.2. "Personal information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. "Processing" means doing anything with the data, such as collecting, accessing, disclosing, storing, selling, sharing, destroying or using the data in any way.

3. CATEGORIES OF PERSONAL INFORMATION WE COLLECT

3.1. We may collect the following categories of personal information for the purposes explained below:

• Personal identifiers: such as your name, home address, phone number, email, passport number, driver’s license number, date of birth, signature, education, bank details, medical information, health insurance information and unique personal identifiers (such as device IDs, cookies, beacons, pixels, mobile device IDs, and similar technologies).
• Personal information protected under California Civil Code Section 1798.80(e): such as information about your age, race, ethnicity, marital status, sex, or gender.
• Characteristics of protected classifications under California or federal law: such as your name, signature, social security number, physical characteristics or description, address, telephone num ber, passport number, driver’s license information or state ID number, insurance policy number, education information, employment information, commercial information, including records of personal property, products or services purchased, obtained or considered or other purchasing or consumer histories or tendencies, bank account number, other financial information, medical information, biometric information or health insurance information.
• Professional or employment-related information: such as your academic background, employment record, employment contract, references, information relating to your achievements, accreditations and awards, training, performance evaluations, any termination information.
• Education information, such as your academic background, education transcripts, and information related to your achievements, accreditations and awards, and training.
• Sensory data: such as video or audio information relating to your interview or CCTV footage as monitored by our security cameras in the facilities we operate.
• Inferences taken from other personal information, including information to create a profile: information inferred from information gathered sources to create your profile e.g., this could refer to things like your characteristics, behaviour, abilities.
• Sensitive personal information: as defined in the CPRA, such as your driver’s license information, passport information, bank details, precise geolocation information, biometric data, or information about your race, sexual orientation, health, or ethnic origin. 3.2 We may also collect notes linked to job interviews, information obtained from our background screening, test results or any other information you provide when applying for a job with us.

4. SOURCES OF PERSONAL INFORMATION

4.1 We will collect personal information directly from you during your application process or when you otherwise contact us. 4.2 In most instances, you are required to make your personal information available (such as part of your job application), and the supply of the information is accordingly mandatory. In instances where it is voluntary, we will inform you accordingly. 4.3 We may combine personal information that you provide us with information we collect from elsewhere. Such sources may include:

• Recruitment partners;
• Academic institutions;
• Social media platforms or publicly accessible sources (e.g. Twitter, Facebook, Linkedin);
• Previous employers and references;
• Pre-employment screening and background check vendors and
• Other sources as directed by you for example, accreditation boards etc .

5. BUSINESS PURPOSES FOR COLLECTING PERSONAL INFORMATION

We process the categories of personal information listed above for the following purposes:

• Recruiting our employees: we use your personal information to manage your job application and application profile, assess your academic background, arrange, and conduct interviews and to liaise with you.
• Conducting prior screening and background checks: we use your personal information to undertake screening and background checks.
• Equal opportunities legislation: we may process your personal data in order to report on and monitor globally our progress in promoting equal opportunities and compliance with equal opportunities legislation.
• Complying with legislation: we use your personal information for the purposes of adhering to applicable laws, to respond to legal orders, resolve legal disputes, action our rights in applicable employment or related contracts. and adhere to legal and regulatory requirements more generally.
• Our vital interests: we use your personal information to undertake internal investigations, prevent or detect fraud or security incidents, protect our employees’ rights and safety, manage whistleblowing cases, and adhere to our company policies.

6. DISCLOSURE OF PERSONAL INFORMATION

We may share your personal information for the business purposes described in section 5 of this notice, with the following third parties:

• Affiliates and subsidiaries: we may share your personal information with our affiliates and subsidiaries.
• Service providers: we may share your personal information with service provides (these could include head-hunters, vendors who undertake screening services or background checks, third party benefit providers, payroll firms, and finance vendors).
• Professional service firms: we may share your personal information with advisors such as auditors or legal counsel.
• Persons involved with business acquisitions or mergers: we may share your personal information to third parties in the event of a merger, acquisition, joint vendor, dissolution, liquidation or other type of re-organisation).
• Government: we may share your personal information with governmental authorities such as federal agencies, courts, and other government authorities where are required under applicable law.

7. PURPOSE LIMITATION

We will only process your personal data for the specific purpose or purposes notified to you.

8. DATA MINIMIZATION

Your personal information will only be processed to the extent that it is necessary for the specific purposes notified to you.

9. DATA ACCURACY

We will keep the personal information we store about you accurate and up to date. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.

10. STORAGE LIMITATION

We will not keep your personal information for longer than is necessary for the purpose or otherwise required in law. This means that data will be destroyed or erased from our systems when we are no longer required or authorized to retain it.

11. DATA SECURITY

11.1. We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. 11.2. We have in place procedures and technologies to maintain the security of all personal information from the point of collection to the point of destruction. We will only transfer personal information to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures. 11.3. Maintaining data security means guaranteeing the confidentiality, integrity, and availability (for authorized purposes) of the personal information.

12. Your rights

The CPRA provides you with certain rights in relation to your personal information. These rights include:

• The right to know: You have the right to access what personal information we have processed about you. This includes the categories of personal information we have collected, the categories of sources from where we have collected personal information, the business purpose of collect or disclosing your personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of information we have collected about you.
• The right to delete: You have the right to delete the personal information we have processed about you.
• The right to correct: You have the right to correct or amend the personal information we have on file about you that may be incorrect.
• The right to non-discrimination: You have the right to not be discriminated against for exercising any of the rights outlined above, including the right not to be retaliated against in an employment setting.

The rights outlined above may be subject to certain exceptions. To exercise any of your rights, please contact us using the information below. We will respond to your request within the timeframe permitted under applicable law. Prior to executing your individual rights request, we will first verify your identity by asking you to provide information about yourself and comparing that information with what we have on file about you. The information we may ask you to provide to verify your identity may include your name or some other personal identifier. You may also authorize an agent to submit a request on your behalf by submitting a written permission that authorizes the agent to act on your behalf and includes your signature. If you use an authorized agent, we will still take steps to verify your identity. Please note that we do not “sell” or “share” your personal information, as those terms are defined under the CPRA. Additionally, we do not use your “sensitive personal information” for any purposes that would permit you to limit our use of such information. You may review Cal. Civ. Code Section 1798.121(a) to learn more about these permitted purposes.

13. CONTACT AND QUERIES

We will not discriminate or retaliate against you if you choose to exercise any of your rights under the CPRA. Should you have any queries regarding this notice or processing of personal information by Design Bridge and Partners please contact us by email at hello@designbridge.com or by telephone at +44 207 814 9922.

Design Bridge and Partners CALIFORNIA CONSUMER PRIVACY NOTICE FOR CLIENTS

Date Last Updated: 25th April 2025

1. ABOUT THIS PRIVACY NOTICE

1.1. During the course of our activities we, Design Bridge and Partners, will process personal information (which may be held on paper, electronically, or otherwise) about our clients and we recognize the need to treat it in an appropriate and lawful manner, in accordance with the California Privacy Rights Act (CPRA) and other applicable data protection laws. The purpose of this privacy notice (“Notice”) is to make you aware of how we, as a Business, will handle your personal information. This notice applies to personal information that we collect from our Clients who are residents of the State of California. 1.2. This Notice also serves as our “Notice at Collection” under the CPRA.
1.3. This Notice may be amended at any time, for which we do not require client approval. 1.4. If we process your information through our website, please review our website privacy policy.

2. DATA PROTECTION PRINCIPLES

2.1. We will comply with the following data protection principles and such additional conditions for processing as may be relevant under applicable law, which include: (a) Lawfulness, fairness and transparency. (b) Purpose limitation. (c) Data minimization. (d) Data accuracy. (e) Storage limitation. (f) Integrity and confidentiality. (g) Accountability. 2.2. "Personal information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. "Processing" means doing anything with the data, such as collecting, accessing, disclosing, storing, selling, sharing, destroying, or using the data in any way.

3. CATEGORIES OF PERSONAL INFORMATION WE COLLECT

3.1. We may collect the following categories of personal information for the purposes explained below:

• Personal identifiers: such as your name, address, phone number, and email signature.

• Characteristics of protected classifications under California or federal law: such as your name, signature, address, telephone number, employment information, commercial information, products or services purchased, bank account number of your representing entity or other financial information of your representing entity.

• Professional or employment-related information: such as your job title, position, and name of the company.
• Sensory data: such as CCTV footage as monitored by our security cameras in the facilities we operate.
• Inferences taken from other personal information, including information to create a profile: information inferred from information gathered sources to create your profile e.g., this could refer to things like your job title etc. 3.2 We may also collect notes linked to our business development initiatives, or any other information you provide when engaging with us.

4. SOURCES OF PERSONAL INFORMATION

4.1 We will collect personal information directly from you or the entity you represent or when you otherwise contact us. 4.2 In most instances, you are required to make your personal information available (such as part of managing your commercial relationship with us), and the supply of the information is accordingly mandatory. In instances where it is voluntary, we will inform you accordingly. 4.3 We may combine personal information that you provide us with information we collect from elsewhere. Such sources may include:

• Publicly accessible sources (company website, companies house, other website sources); and
• Other sources as directed by you for example, client-led presentations, one pagers etc . 4.4. If you are our Client, we may also collect information from you during the course of your relationship with Design Bridge and Partners. This may include information we collect through liaising with you.

5. BUSINESS PURPOSES FOR COLLECTING PERSONAL INFORMATION

We process the categories of personal information listed above for the following purposes:

• Managing our relationship: we use your personal information to process data of representatives or contacts of our customers who are legal entities to manage our relationship and communicate with you.
• Making decisions about supplying goods and services: we use your personal information to make decisions about supplying goods and services (e.g., determining payment or the terms of our contractual agreement(s) etc). In cases where our client is a legal person, we use your personal information to keep our client updated throughout our relationship. Moreover, we use your personal data to supply goods and services to you and to keep you updated throughout our relationship.
• To manage your visit to our offices: we use your personal information for purposes required by law e.g., to comply with fire safety regulations.
• To keep you informed: we use your personal information to keep you informed of news, updates and other information related to our business and that of other companies in our group.
• Equal opportunities legislation: we may process your personal data in order to report on and monitor globally our progress in promoting equal opportunities and compliance with equal opportunities legislation.
• Complying with legislation: we use your personal information for the purposes of adhering to applicable laws, to respond to legal orders, resolve legal disputes, action our rights in applicable employment or related contracts. and adhere to legal and regulatory requirements more generally.
• Conducting prior screening checks: we use your personal information to undertake screening and background checks.
• Upholding our commercial interests: we use your personal information to uphold our company’s economic interests and ensuring compliance and reporting (such as adhering to our policies, local legislation and managing allegations of fraud or misconduct). In cases where our client is a natural person, we use your personal data to investigate and prevent fraud or misconduct and to protect our economic interests.

6. DISCLOSURE OF PERSONAL INFORMATION

We may share your personal information for the business purposes described in section 5 of this notice, with the following third parties:

• Affiliates and subsidiaries: we may share your personal information with our affiliates and subsidiaries.
• Service providers: we may share your personal information with service providers (these could include third party onboarding partners, finance vendors).
• Professional service firms: we may share your personal information with advisors such as auditors or legal counsel.
• Persons involved with business acquisitions or mergers: we may share your personal information to third parties in the event of a merger, acquisition, joint vendor, dissolution, liquidation or other type of re-organisation).
• Government: we may share your personal information with governmental authorities such as federal agencies, courts, and other government authorities where are required under applicable law.

7. PURPOSE LIMITATION

We will only process your personal data for the specific purpose or purposes notified to you.

8. DATA MINIMIZATION

Your personal information will only be processed to the extent that it is necessary for the specific purposes notified to you.

9. DATA ACCURACY

We will keep the personal information we store about you accurate and up to date. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.

10. STORAGE LIMITATION

We will not keep your personal information for longer than is necessary for the purpose or otherwise required in law. This means that data will be destroyed or erased from our systems when we are no longer required or authorized to retain it.

11. DATA SECURITY

11.1. We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. 11.2. We have in place procedures and technologies to maintain the security of all personal information from the point of collection to the point of destruction. We will only transfer personal information to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures. 11.3. Maintaining data security means guaranteeing the confidentiality, integrity, and availability (for authorized purposes) of the personal information.

12. Your rights

The CPRA provides you with certain rights in relation to your personal information. These rights include:

• The right to know: You have the right to access what personal information we have processed about you. This includes the categories of personal information we have collected, the categories of sources from where we have collected personal information, the business purpose of collect or disclosing your personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of information we have collected about you.
• The right to delete: You have the right to delete the personal information we have processed about you.
• The right to correct: You have the right to correct or amend the personal information we have on file about you that may be incorrect.
• The right to non-discrimination: You have the right to not be discriminated against for exercising any of the rights outlined above, including the right not to be retaliated against. The rights outlined above may be subject to certain exceptions. To exercise any of your rights, please contact us using the information below. We will respond to your request within the timeframe permitted under applicable law. Prior to executing your individual rights request, we will first verify your identity by asking you to provide information about yourself and comparing that information with what we have on file about you. The information we may ask you to provide to verify your identity may include your name, employee number, or some other personal identifier. You may also authorize an agent to submit a request on your behalf by submitting a written permission that authorizes the agent to act on your behalf and includes your signature. If you use an authorized agent, we will still take steps to verify your identity. Please note that we do not “sell” or “share” your personal information, as those terms are defined under the CPRA. Additionally, we do not use your “sensitive personal information” for any purposes that would permit you to limit our use of such information. You may review Cal. Civ. Code Section 1798.121(a) to learn more about these permitted purposes.

13. CONTACT AND QUERIES

We will not discriminate or retaliate against you if you choose to exercise any of your rights under the CPRA. Should you have any queries regarding this notice or processing of personal information by Design Bridge and Partners please contact us by email at hello@designbridge.com or by telephone at +44 207 814 9922.

Design Bridge and Partners CALIFORNIA CONSUMER PRIVACY NOTICE FOR VENDORS

Date Last Updated: 25th April 2025

1. ABOUT THIS PRIVACY NOTICE

1.1. During the course of our activities we, Design Bridge and Partners, will process personal information (which may be held on paper, electronically, or otherwise) about our Vendors (third party companies providing products or services to Design Bridge and Partners) and we recognize the need to treat it in an appropriate and lawful manner, in accordance with the California Privacy Rights Act (CPRA) and other applicable data protection laws. The purpose of this privacy notice (“Notice”) is to make you aware of how we, as a Business, will handle your personal information. This notice applies to personal information we collect from our vendors who are residents of the State of California. 1.2. This Notice also serves as our “Notice at Collection” under the CPRA.
1.3. This Notice may be amended at any time, for which we do not require vendor approval. 1.4. If we process your information through our website, please review our website privacy policy.

2. DATA PROTECTION PRINCIPLES

2.1. We will comply with the following data protection principles and such additional conditions for processing as may be relevant under applicable law, which include: (a) Lawfulness, fairness and transparency. (b) Purpose limitation. (c) Data minimization. (d) Data accuracy. (e) Storage limitation. (f) Integrity and confidentiality. (g) Accountability. 2.2. "Personal information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. "Processing" means doing anything with the data, such as collecting, accessing, disclosing, storing, selling, sharing, destroying or using the data in any way.

3. CATEGORIES OF PERSONAL INFORMATION WE COLLECT

3.1. We may collect the following categories of personal information for the purposes explained below:

• Personal identifiers: such as your name, address, phone number, email, signature, and company bank details.
• Characteristics of protected classifications under California or federal law: such as your name, signature, address, telephone number, commercial information, or tendencies, company bank account number or other company financial information.
• Sensory data: such as video or audio information relating to your interview or CCTV footage as monitored by our security cameras in the facilities we operate.
• Internet or other electronic activity information: such as information regarding your interaction with our systems and servers.
• Inferences taken from other personal information, including information to create a profile: information inferred from information gathered sources to create your profile e.g., this could refer to things like your company profile or job title. 3.2 We may also collect notes linked to procurement, information obtained from our vendor background screening or any other information you provide when engaging with us.

4. SOURCES OF PERSONAL INFORMATION

4.1 We will collect personal information directly from you during our engagement with you or when you otherwise contact us. 4.3 We may combine personal information that you provide us with information we collect from elsewhere. Such sources may include:

• Publicly accessible sources (company website, companies house, other web sources);
• Pre-vendor screening and background check vendors; and
• Other sources as directed by you for example, PowerPoints, one pagers etc . 4.4. If you are an existing vendor, we may also collect information from you during the course of our contract with Design Bridge and Partners. This may include information we collect from through our engagement with you, your interaction with operating systems or servers, or other sources directly related to our relationship.

5. BUSINESS PURPOSES FOR COLLECTING PERSONAL INFORMATION

We process the categories of personal information listed above for the following purposes:

• Managing our relationship: we use your personal information to process data of representatives or contacts of our vendors who are legal entities to manage our relationship and communicate with you.
• Making decisions about our vendors: we use your personal information to make decisions about procuring goods and services (e.g., determining payment or the terms of our contractual agreement(s) etc). In cases where our vendor is a legal person, we use your personal information to keep our vendor updated throughout our relationship. Moreover, we use your personal information to assess your status as a new or existing vendor and keep you updated throughout
• Upholding our commercial interests: we use your personal information to uphold our company’s economic interests and ensuring compliance and reporting (such as adhering to our policies, local legislation and managing allegations of fraud or misconduct). In cases where our vendor is a natural person, we use your personal information to investigate and prevent fraud or misconduct and to protect our economic interests.
• To manage your visit to our offices: we use your personal information for purposes required by law e.g., to comply with fire safety regulations.
• To keep you informed: we use your personal information to keep you informed of news, updates and other information related to our business and that of other companies in our group.
• Conducting prior screening and background checks: we use your personal information to undertake screening and background checks.
• Equal opportunities legislation: we may process your personal data in order to report on and monitor globally our progress in promoting equal opportunities and compliance with equal opportunities legislation.
• Complying with legislation: we use your personal information for the purposes of adhering to applicable laws, to respond to legal orders, resolve legal disputes, action our rights in applicable employment or related contracts. and adhere to legal and regulatory requirements more generally.

6. DISCLOSURE OF PERSONAL INFORMATION

We may share your personal information for the business purposes described in section 5 of this notice, with the following third parties:

• Affiliates and subsidiaries: we may share your personal information with our affiliates and subsidiaries.
• Service providers: we may share your personal information with service providers (these could include vendors who undertake screening services or background checks and finance vendors).
• Professional service firms: we may share your personal information with advisors such as auditors or legal counsel.
• Persons involved with business acquisitions or mergers: we may share your personal information to third parties in the event of a merger, acquisition, joint vendor, dissolution, liquidation or other type of re-organisation).
• Government: we may share your personal information with governmental authorities such as federal agencies, courts, and other government authorities where are required under applicable law.

7. PURPOSE LIMITATION

We will only process your personal data for the specific purpose or purposes notified to you.

8. DATA MINIMIZATION

Your personal information will only be processed to the extent that it is necessary for the specific purposes notified to you.

9. DATA ACCURACY

We will keep the personal information we store about you accurate and up to date. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.

10. STORAGE LIMITATION

We will not keep your personal information for longer than is necessary for the purpose or otherwise required in law. This means that data will be destroyed or erased from our systems when we are no longer required or authorized to retain it.

11. DATA SECURITY

11.1. We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. 11.2. We have in place procedures and technologies to maintain the security of all personal information from the point of collection to the point of destruction. We will only transfer personal information to a third party if they agree to comply with those procedures and policies, or if they put in place adequate measures. 11.3. Maintaining data security means guaranteeing the confidentiality, integrity, and availability (for authorized purposes) of the personal information.

12. Your rights The CPRA provides you with certain rights in relation to your personal information. These rights include:
    • The right to know: You have the right to access what personal information we have processed about you. This includes the categories of personal information we have collected, the categories of sources from where we have collected personal information, the business purpose of collect or disclosing your personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of information we have collected about you.
    • The right to delete: You have the right to delete the personal information we have processed about you.
    • The right to correct: You have the right to correct or amend the personal information we have on file about you that may be incorrect.
    • The right to non-discrimination: You have the right to not be discriminated against for exercising any of the rights outlined above, including the right not to be retaliated against. The rights outlined above may be subject to certain exceptions. To exercise any of your rights, please contact us using the information below. We will respond to your request within the timeframe permitted under applicable law. Prior to executing your individual rights request, we will first verify your identity by asking you to provide information about yourself and comparing that information with what we have on file about you. The information we may ask you to provide to verify your identity may include your name, or some other personal identifier. You may also authorize an agent to submit a request on your behalf by submitting a written permission that authorizes the agent to act on your behalf and includes your signature. If you use an authorized agent, we will still take steps to verify your identity. Please note that we do not “sell” or “share” your personal information, as those terms are defined under the CPRA. Additionally, we do not use your “sensitive personal information” for any purposes that would permit you to limit our use of such information. You may review Cal. Civ. Code Section 1798.121(a) to learn more about these permitted purposes.

13. CONTACT AND QUERIES

We will not discriminate or retaliate against you if you choose to exercise any of your rights under the CPRA. Should you have any queries regarding this notice or processing of personal information by Design Bridge and Partners please contact us by email at hello@designbridge.com or by telephone at +44 207 814 9922.

Last Updated 20th September 2024

Introduction

Design Bridge and Partners (“We”, “Us”, “Our”) appreciates and values the identification and reporting of security vulnerabilities carried out by well-intentioned, ethical security researchers (“You”).

This vulnerability disclosure policy applies to any vulnerabilities you are considering reporting to us. We recommend reading this vulnerability disclosure policy fully before you report a vulnerability and always acting in compliance with it.

We do not offer a bug bounty program or monetary rewards for responsible disclosures and compensation requests will not be considered in compliance with this Responsible Disclosure Policy.

Reporting

If you believe you have found a security vulnerability, please submit your report to us using the following email address: hello@designbridge.com

Your report should include details of:

• The website, domain, IP or page where the vulnerability can be observed.

• Steps to reproduce which should be a benign, non-destructive, proof of concept. This helps to ensure that the report can be triaged quickly and accurately.

  If you have any concerns or queries with regard reporting, please email hello@designbridge.com for advice.

What to expect

We aim to confirm receipt of your vulnerability report within 5 working days and triage your report within 10 working days. We also aim to keep you informed of our progress and completion of any remediation activities. We may contact you if we require further information regarding your report.

Remediation of any reported vulnerabilities are assessed based upon their impact, severity and exploit complexity. Vulnerability reports might take some time to triage or address. You are welcome to enquire on the status but we ask that you avoid doing so more than once every 14 days to allow our teams to focus on the remediation.

Guidance

You must NOT:

• Break any applicable law or regulations.
• Access unnecessary, excessive or significant amounts of data or modify data in our systems or services.
• Disrupt our services or systems, use high-intensity invasive or destructive scanning tools to find vulnerabilities or attempt any form of denial of service.
• Submit reports detailing non-exploitable vulnerabilities, or reports indicating that the services do not fully align with “best practice”, for example missing security headers.
• Submit reports detailing TLS configuration weaknesses, for example “weak” cipher suite support or the presence of TLS1.0 support.
• Social engineer, ‘phish’ or physically attack our staff or infrastructure.
• Demand financial compensation in order to disclose any vulnerabilities. You must:
• Always comply with data protection rules and must not violate the privacy of our users, staff, contractors, services or systems. You must not, for example, share, redistribute or fail to properly secure data retrieved from the systems or services.
• Securely delete all data retrieved during your research as soon as it is no longer required or within 1 month of the vulnerability being resolved, whichever occurs first (or as otherwise required by data protection law).

Legalities

This policy is designed to be compatible with common vulnerability disclosure good practice. It does not give you permission to act in any manner that is inconsistent with the law, or which might cause us to be in breach of any legal obligations.

Last Updated 31st March 2023

Where our Clients or Prospects have chosen to engage with Design Bridge and Partners (“we”, “us”, or “our”), either before or after entering into a business agreement, we are the controller of any personal data about your business or employees that you choose to give us and are therefore responsible for processing it in accordance with the law. This excludes any personal data that you specifically ask us to process as part of the “Services” we will provide.

We respect the privacy of our clients and those individuals working for our clients and recognise that when you choose to provide us with personal data, you trust us to act in a responsible manner with that information. This privacy policy contains important information about how we use personal data for the following data subjects:

• Our clients, either historical, existing or prospective, who are natural persons; and
• representatives or contact persons of our clients who are legal entities.

We will refer to the above together as the “clients”. If you are considered a client of Design Bridge and Partners we invite you to read and understand the contents set out in this privacy policy.

What information do we collect?

At times we may request that information is voluntarily supplied to us by our client themselves or by the legal entity appointed by the client.

We may gather the following information about you during our engagement:

• Identification and contact information (full name, title, email, phone, address etc)
• Job Title, position, and name of company
• Business Financial information (e.g., bank account details), insofar our client is a natural person
• Identification data relating to the delivery of products or services to our company (e.g., login details, passwords, visitor pass, IP address, online identifiers/ cookies, logs, access times, correspondence)
• Clients should ensure their employees are aware that their data is being shared with us, as described in this policy.

How do we use it?

The primary reason we process your personal data is to approve, manage, administer or effect an agreement between Design Bridge and Partners and the client you represent or work for. In this respect, we use your personal data, to, issue invoices, perform accounting, manage our contract or review the services or products we supply to you. In addition, we process personal data to meet our legal obligations (such as record keeping obligations), as well as to manage our risks and operations (e.g. prevent and detect security threats, exercise or defend legal claims).

We are also required by law to state a “legal basis for processing”, i.e., to tell you on what grounds we are allowed to use your information, and this is also set out below:

Last Updated: September 2024

Where, Design Bridge and Partners, (, “we”, “us” or “our”), chooses to enter into a business engagement with supplier, we will be the controller of any personal data, that you give to us, to enable us to process that business engagement and are therefore responsible for processing it in accordance with the law.

We respect the privacy of our suppliers and those individuals working for our suppliers and recognise that when you choose to provide us with personal data, you trust us to act in a responsible manner with that information. This privacy policy contains important information about how we use personal data for the following data subjects:

• Our suppliers, vendors and service providers, either historical, existing or prospective, who are natural persons; and
• representatives or contact persons of our suppliers and service providers who are legal entities.
• We will refer to the above together as the “suppliers”. If you are considered a supplier of Design Bridge and Partners, we invite you to read and understand the contents set out in this privacy policy.

What information do we collect?

We may gather the following information about you during our engagement:

• Identification and contact information (full name, title, email, phone, address etc)
• Job Title, position, and name of company
• Business Financial information (e.g., bank account details), insofar our supplier is a natural person
• Identification data relating to the delivery of products or services to our company (e.g., login details, passwords, visitor pass, IP address, online identifiers/ cookies, logs, access times, correspondence) and
• Background checks related to the supplier (which may include related party checks)

Suppliers should ensure their employees are aware that their data is being shared with us, as described in this policy.

How do we use it?

The primary reason we process your personal data is to approve, manage, administer or effect an agreement between Design Bridge and Partners and the supplier you represent or work for. In this respect, we use your personal data, to organize our sourcing activities, issue purchase orders, process payments, perform accounting, manage our contract or review the services or products you supply us with. In addition, we process personal data to meet our legal obligations (such as record keeping obligations), as well as to manage our risks and operations (e.g. prevent and detect security threats, exercise or defend legal claims).

We are also required by law to state a “legal basis for processing”, i.e., to tell you on what grounds we are allowed to use your information, and this is also set out below:

Do we pass your information to third parties?

We may send your personal data to other WPP and Design Bridge and Partners group companies, affiliates and third parties to help us process your personal data for the purposes set out in this policy. Further details of our WPP group companies can be found here.

We may disclose your personal data if we or any of our assets are the subject of a sale or similar corporate transaction. We will ensure that the third parties who receive your personal data are required to keep it confidential.

We may disclose personal data to third parties when we reasonably believe we are required by law, and in order to investigate, prevent, or take action regarding suspected or actual unlawful or otherwise prohibited activities, including, but not limited to, fraud.

Where do we send your information?

We are a global company and therefore we may transfer your personal data to countries around the world including the US and other countries outside Europe. We will, where the country to which your data is transferred has not been found to provide an adequate level of protection, put in place appropriate safeguards (we use standard contractual clauses) to ensure your information is protected.

How long do we keep your information?

We will keep your information for as long as is necessary to fulfil the purpose for which it was collected. The retention time is the term of the suppliers’ contract until any legal claims under the contract expire, unless an overriding legal or regulatory obligation arises.

How do we protect your information?

We take appropriate measures to ensure that your personal data disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used.

Your rights

Depending on the purposes of processing, you may be entitled to ask:

1. for a copy of the personal data we hold about you, and details about how we are processing your personal data;
2. to have any inaccuracies in your personal data corrected;
3. if we are processing your personal data by automated means and on the basis of your consent (see “How do we use it?”, above), for us to provide your personal data to you in a structured, commonly-used and machine-readable format. You can also ask us to provide your personal data directly to a third party in this format, and, if technically feasible, we will do so; and
4. to withdraw your consent at any time. The withdrawal of your consent will not affect the lawfulness of processing based on consent before withdrawal
5. to object, on grounds relating to your particular situation, at any time which is based on our legitimate interest; and
6. to have your personal data erased, or for our use of it to be restricted

Please contact us using the details set out below if you would like to exercise any of these rights.

You may also have the right to make a complaint to the supervisory authority, in your country or jurisdiction, if you’re not happy with how we’ve handled your personal data.

How to contact us

If you wish to exercise any of your rights in relation to your personal information or if you have any queries about how we use your personal information, please let us know by contacting us at the following address: Design Bridge and Partners Sea Containers 18 Upper Ground London SE1 9GL6, or by email at hello@designbridge.com.

Changes to this privacy policy

We review this privacy policy on a regular basis to ensure that it is up-to-date with our use of your personal data, and compliant with applicable data protection laws. We reserve the right, at our discretion, to revise this privacy policy at any time. The updated privacy policy will be posted on our website. You are encouraged to review this privacy policy from time to time.