DATA AND COOKIES POLICY
Who are we?
We are Hough & Bollard Ltd. Our registered office is 5 Tarleton Avenue Woodhall Spa LN10 6SE.
If you have any questions about this Policy, or about how we look after your data generally, please contact us via our Contact
Hough & Bollard Ltd (‘we’ or ‘us’ or 'Hough & Bollard' etc), is a ‘controller’ of personal data. This means that, under the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR), we may control and process your personal data.
We take privacy very seriously. We are committed to keeping your data secure and processing it fairly and lawfully. We ask that you read this policy very carefully because it contains important information about how we process your personal data.
Personal data we may collect about you
We may obtain personal data about you whenever you complete a form for us, whether online or in person. We may also collect information about you when our staff speak to you about our services. Generally speaking, this is in a business context, but we do recognise that some of our customers are sole traders.
This information usually includes:
- Your name and work contact details (address, email and phone number) and your job title;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Further information necessarily processed in a project or contractual relationship with us, such as personal data relating to orders placed, payments made, requests, and project milestones
How we use your personal data
We may use your data for one or more of the following purposes:
- Communicating with you and your business about our services and projects, e.g. by responding to enquiries or requests or providing you with advice and assistance;
- Planning, performing and managing the (contractual) relationship with you and your business;
- Administrating and performing customer surveys, marketing campaigns, market analysis, contests, or other promotional activities or events, where you have specifically consented;
- Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
- Ensuring compliance with legal obligations (such as record keeping obligations), and resolving disputes, enforcing our contractual agreements and to establish, exercise or defend legal claims.
The legal basis for us processing data about you is that such processing is necessary for the purposes of:
· Hough & Bollard exercising its rights and performing its obligations in connection with any contract we make with you (Article 6 (1) (b) General Data Protection Regulation),
· Compliance with our legal obligations (Article 6 (1) (c) General Data Protection Regulation), and/or
· Legitimate interests pursued by Hough & Bollard (Article 6 (1) (f) General Data Protection Regulation).
Generally the legitimate interest pursued by Hough & Bollard in relation to our use of your personal data is the efficient performance or management of our business relationship with you.
In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for Freedom processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) General Data Protection Regulation).
Marketing and opting out
We will not contact you for the purposes of direct marketing unless you have asked us to do so. However, if you have asked us to do so and later your change your mind, you can opt-out at any time with no hassle. To do this, just let us know. See further 'Your rights' below for details about how to contact us.
How has access to your personal information?
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Third Party Service Providers working on our behalf: We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- Access to our systems is controlled by password and username which are unique to the user;
- We store your electronic personal data on secure servers;
- We store your paper records in locked storage rooms;
- We train our staff in good records management
Non-sensitive details (your contact details and preferences for example) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Transferring your information outside of Europe
We do not transfer your data outside of the European Economic Area.
Information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
Give consent on his/her behalf to the processing of his or her personal data Receive on his/her behalf any data protection notices
How long do we keep your data for?
As a general rule, we will not keep your data for any longer than is necessary to complete tasks or provide you with services. We have a separate policy setting out retention periods for specific types of data. Generally speaking, with regard to an individual project, this is six years from the point at which our work ends.
- Track your use of the site;
- Recognise you whenever you visit this website (this speeds up your access to the site as you do not have to log on each time);
- Obtain information about your preferences, online movements and use of the internet;
- Carry out research and statistical analysis to help improve our content, products and services and to help us better understand our visitor/customer requirements and interests Target our marketing and advertising campaigns more effectively
- Make your online experience more efficient and enjoyable.
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org.
You have various rights under the GDPR, including the following rights:
Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, providing you with services), or consent to market to you, you may withdraw your consent at any time.
Data Subject Access Requests (DSAR): Just so it's clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally do one of the following:
- we may ask you to verify your identity, or ask for more information about your request; and
- where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to "erase" your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. ·
Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority, details of which can be found below.
To exercise any of your rights concerning your information, please send an email to the following address:
Or write to us at the following postal address:
5 Tarleton Avenue
We may ask you to provide us with proof or your identity. Please do not be offended; this may occur even if we know you. It is a requirement of the GDPR in some cases.
This Policy was last reviewed in March 2021.
The information commissioner’s office
More information about privacy laws can be found at www.ico.org.uk
Details of your local supervisory authority: The Information Commissioner's Office. You can contact them in the following ways: