DATA AND COOKIES POLICY
HOUGH & BOLLARD LTD is registered at Companies House (number 09853043) and our registered office and correspondence address is at 5 Tarleton Avenue, Woodhall Spa, England LN10 (‘we, us or H & B’).
H & B is a ‘controller’ of personal data for the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR). We may collect and process your personal data and we take your privacy very seriously. We are committed to keeping your data secure and processing it fairly and lawfully. The information set out below explains how we process your personal data.
Personal data we may collect about you
We may collect personal data about you when you contact with us whether by email or telephone.
This information is likely to include:-
- Your name and contact details (address, email and phone number)
- Your job title
- Any billing information
- Any other personal data that might be required as part of our contractual relationship with you.
We also monitor your use of our website including when you visit our website and which pages you view; traffic data, location data and the originating domain name of a user's internet service provider. We use this information to better understand those wanting our services and in some cases we will not be able to personally identify an individual.
How we use your personal data
We may use your data for one or more of the following:-
- Sending you and your business information about our services and any projects including responding to enquiries and/or providing you with advice and assistance;
- Planning, performing and managing the (contractual) relationship with you and your business;
- Administrating and performing customer surveys, marketing campaigns, market analysis, or other promotional activities or events, where you have specifically consented;
- Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
- Ensuring compliance with legal obligations (such as record keeping obligations), and resolving disputes, enforcing our contractual agreements and to establish, exercise or defend legal claims.
The legal basis for using your personal data is:-
- The performance of any contract we make with you;
- Complying with our legal obligations; and/or
- If it is necessary for our legitimate interests ie the efficient performance or management of our business relationship with you.
We may also ask for your consent to some uses of your personal data which is also a legal basis for using your data.
Marketing and opting out
We will not contact you with direct marketing unless you have asked us to do so and even then you can change your mind later and opt-out on request.
Who has access to your personal information?
We will not sell your information to third parties, nor do we share it with third parties for marketing purposes.
Third Party Service Providers working on our behalf:
We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We will not pass your personal information to other third parties unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
We may transfer your personal information to a third party if we are required to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our business terms. However, we will take reasonable steps to ensure that your privacy rights continue to be protected.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- Access to our systems is controlled by password and username which are unique to the user;
- We store your electronic personal data on secure servers;
- We store your paper records in locked storage rooms;
- We train our staff in good records management
We may collect and process sensitive data about you as part of a project and will take steps to ensure its security. Where sensitive data is transmitted over the Internet it will be encrypted. Any non-sensitive data including your contact details are transmitted normally over the Internet, and while we will try to protect your personal data we cannot guarantee that this is completely secure, or that of any information you transmit to us; and therefore do so at your own risk.
Transferring your information outside of Europe
We do not transfer your data outside of the European Economic Area.
How long do we keep your data for?
We will not keep your data for any longer than is necessary to complete any project or provide you with services and which is usually six years from when our work finishes.
Your data subject rights
You have the following rights under the GDPR and any request should be made in writing to our correspondence address:
Subject Access Requests (SAR): You have the right to ask us to confirm what information we hold about you at any time and you have the right to access to it by making a SAR; there is no charge for making a request. You can also ask us to modify, update or delete such information however if we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
Right to object: You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
Right to withdraw consent: In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later.
Right to erasure: You have the right to request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected. ·
Right of data portability: You have the right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month..
Right to complain to the Information Commissioner: You have the right to complain to the Information Commissioner. You can do this be contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations.
This Policy was last reviewed in November 2018 and we may change it from time to time. The latest version will apply each time you visit our website.If you have any questions about this Policy, or about how we look after your data generally, you can contact us via our contact page