We keep this Policy under regular review. This Policy was last updated on 1 June 2018.
hgh Consulting is committed to ensuring that your privacy is protected and will treat all information held about you in accordance with this policy which is in line with current UK legislation. For these purposes hgh Consulting is a ‘data controller’ meaning that we decide how and why the personal data that we collect is used.
- How we collect personal information.
- How we use the information we collect.
- Your rights and how you can manage the use of your personal information.
- Procedures that we have in place to safeguard your privacy.
- How you can make a complaint or contact us.
The information we collect
We only gather the personal information we need for business purposes in order to provide you with the services you have requested or to comply with our regulatory obligations, as well as appropriate news and information.
The personal data we collect will be the information that you provide and may include your name, address, phone numbers and email address and may also include information about you from the e-mails, letters and other communications you send and documents you provide to us.
We may also collect information about your usage of our website (please refer to our Cookies Policy).
hgh Consulting collects this information in a variety of ways. We obtain personal data about you, for example, when:
- You request a proposal from us in respect of the services we provide;
- You or your employer or our clients engage us to provide our services and also during the provision of those services;
- You contact us by email, telephone, post etc (for example when you have a query about our services or wish to apply for a job);
- We meet with you.
We also collect personal data about you from third parties and/or publicly available resources, (for example, internet searches). Data is stored in a range of different places, including in relevant files, and within email and IT systems.
Basis for processing and use of your data
hgh Consulting needs to process data for purposes necessary for the performance of our contract with you, your employer or our clients and to comply with our legal obligations. This may include processing your personal data where you are an employee, subcontractor, supplier or customer of our client.
Where you enquire about becoming or where you become a client of hgh Consulting, for example, the basis for our processing of your personal data will be to enter into and perform the contract between you and us.
We may process your personal data for the purpose of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for business development, marketing and management purposes. Therefore, from time to time we may send you information about company news and events we are holding or other matters that we believe will be of interest to you. This could involve us seeking your thoughts and opinions on the services we provide and us notifying you of any changes. The basis for our processing of your personal data this way will be legitimate interest and you will be free to withdraw from these communications at any time.
Other information processed by hgh Consulting as part of its legitimate interests include: network and information security, cloud storage, updating customer details, due diligence involving risk assessment and fraud prevention.
Some information is processed in accordance with public interest such as public consultations. This is a regulatory process where we need the public's input on planning matters affecting them. It is the individual's choice whether they wish to provide their personal (contact) information to hgh Consulting in these circumstances, which will be processed on the grounds of legitimate interest. As with all hgh Consulting communications, you will be free to unsubscribe from them at any time.
We may also process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required we will seek your clear and unambiguous consent prior to processing your data and you have the right to withdraw your consent to processing for such specific purposes at any time.
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
Do any third parties have access to my data?
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
We will share your personal information within hgh Consulting in the context of system maintenance support and hosting of data.
"Third parties" includes third-party service providers (including contractors and designated agents). These "third parties" are other companies employed to provide services for us who will have access to the personal information needed to perform their functions and not for any other purpose. The following activities are carried out by third-party service providers: IT (and cloud services), professional advisory and support services, administration services, recruitment services, marketing services and banking services.
Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
How secure is my information with third-party service providers?
All our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
How does hgh Consulting protect data?
hgh Consulting takes the security of your data seriously. We have internal policies and controls in place in respect of security that are regularly reviewed to ensure that they are commercially reasonable and appropriate, to prevent data from being accidentally lost or destroyed, used or accessed in an unauthorised way, altered or disclosed. Our policies and controls are designed to limit access to those employees, agents, contractors and other third parties who have a business need to know.
Where hgh Consulting engages third parties to process personal data on its behalf, they do so on the basis of written instructions and are obliged to implement appropriate measures to ensure the security of data.
All employees, agents, contractors and other third parties are subject to a duty of confidentiality.
How long does hgh Consulting keep data?
We employ appropriate security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
We will only retain your personal data for as long as the law requires or as long as it is necessary to fulfil the purposes for which it is collected, taking into account the nature of the information and purpose for which it has been obtained and is used or held. For example, the CVs of all unsuccessful job applicants are deleted and no personal data is recorded on hgh Consulting systems following the recruitment process.
When assessing what retention period is appropriate for your personal data, we take into consideration:
- the requirements of our business and the services provided;
- any statutory or legal obligations;
- the purposes for which we originally collected the personal data;
- the lawful grounds on which we based our processing;
- the types of personal data we have collected;
- the amount and categories of your personal data; and
- Whether the purpose of the processing could reasonably be fulfilled by other means.
Under certain circumstances individuals have certain rights over their personal data. These include:
- requesting access to and thereby receiving details of personal data held;
- requesting correction of personal data, where appropriate;
- requesting erasure of personal data, where appropriate;
- objecting to the processing of your personal data where hgh Consulting is relying on its legitimate interests as the legal ground for processing; and
- requesting the restriction of processing of your personal data for a period if data is inaccurate or there is a dispute about whether or not your interests override hgh Consulting's legitimate grounds for processing;
- Requesting the transfer or your personal data where processing is based on consent, is carried out by automated means and is technically feasible.
- If you want to request to review, verify, correct, erase, transfer a copy of your personal data to a third party or object to the processing of your personal data, please contact us in writing at our registered office or by emailing email@example.com.
Please note that where you ask us to erase, correct, object to process or seek to restrict our processing of data we may refuse your request where we have a legal obligation, contractual or other legitimate business interest to refuse your request. If we refuse your request then we will notify you of this refusal and you will have the right to appeal.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
What if you do not provide personal data?
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively we may be unable to comply with our legal or regulatory obligations.
Changes to how we protect your privacy
Where we undergo substantial changes to our privacy statement we will endeavour to inform you directly about them.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting other sites even if you access them using links to or from our website. You should exercise caution and look at the privacy statement applicable to the website in question.
hgh Consulting tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention and welcome any suggestions for improving our procedures.
If you believe that hgh Consulting has not complied with your data protection rights please contact us accordingly. We will look into any complaint carefully and promptly and do all we can to explain the position to you.
You also have the right to complain to the Information Commissioner’s office (https://ico.org.uk/)
How to contact us
We always want to hear from our customers. If you:
- Have any questions or feedback
- Would like us to stop using your information
- Want to exercise any of your rights as set out above, or have a complaint
Please don’t hesitate to contact us and we will be happy to answer any questions you may have. You can contact us at email address: firstname.lastname@example.org or else through the hgh Consulting website. Or if you’d like to, you can write to us at: hgh Consulting, 45 Welbeck Street, London, W1G 8DZ.
hgh Consulting is a trading style of Hepher Grincell Limited. Registered address: Henwood House, Ashford, Kent TN24 8DH. Registered in England & Wales: 9340687.