PRIVACY POLICY
Introduction
We respect your privacy and understand that privacy is important to you and that you care about how information about you is used, so this privacy notice sets out details about what data we collect and how we use it.
About us
[Add any information here about who you are and/or a summary of your processing activities]
How to contact us
If you have any questions about how we collect and use your information not covered in this privacy notice, or if you wish to speak to someone about our approach to data protection and privacy, please contact [our Data Protection Officer/representative]:
[Full contact details]
Data we collect and process
Visitors to our website
Where we collect personal data via our website, we will be upfront about it and it will be obvious to you that you’re providing personal data and how we will be using it.
Google Analytics
When someone visits our website ([web address]) we make use of the Google Analytics service to collect standard information about visitors to the sites and their behaviour (e.g. what pages they viewed). The data provided by Google Analytics is anonymised and in no way enables us to identify individual visitors, however, Google Analytics will place a cookie on your device to enable the service. For more information about how Google Analytics cookies work on websites visit: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage. You can also opt out of the use of Google Analytics across all websites: http://tools.google.com/dlpage/gaoptout.
Other cookies used, tracking pixels or similar tools
Provide as much information here as possible about any cookies, tracking pixels (e.g. Google, Facebook, etc.) or similar technologies you are using on your website. You should indicate details of the technology, why you use them and how the website visitor can find out more information about them
Hosting
Provide here details of where or how your website is hosted, where in the world it is hosted (and if outside the EEA what you’ve done to make sure any data submitted or stored by it, is processed in line with EU data protection standards) – this is important if you are storing any personal data (e.g. login user data, contact form data, etc.) within the backend of your website
Security of data collected and processed via our website
Provide here details of what security measures you have put in place to protect any data collected or processed via your website
People who receive our newsletters
If you provide newsletter or other marketing materials explain how you collect the data, what systems (e.g. MailChimp) you use to manage your marketing lists and anything else you might do with the data. Also explain how someone can unsubscribe from receiving further materials.
If you contact us
Online forms
If you fill out one of our website forms ([e.g. examples of specific pages with contact forms on]) a notification email is sent to the relevant team within our company. No copy of the data you submit is stored anywhere. [However, you should note that as our site does not use SSL (https) the data you submit using the contact form will not be encrypted once you press the “Submit” button. / As our site uses SSL (https) the data you submit using the contact form will be encrypted once your press the “Submit” button]
To place an order
Explain what happens when someone provides data to place an order, what happens with their data, how it’s used, where it’s stored, etc.
To log a support request or customer services enquiry
Explain what happens when someone contacts your helpdesk or customer helpline in terms of the data you collect, where you store it, the systems you use, etc.
People who contact us via email
Explain what happens to emails that are sent to you, including where the emails are stored, how they’re accessible, any email security measures or protections (e.g. junk mail filtering, virus scanning, etc.) you have in place. You should also consider setting out your email retention policy.
Our use of social media
If you use any third-party systems that may process personal data for the purposes of interacting on social media you should provide details of those services, how they use your data, etc.
Customer data
Provide details here of what happens with customers data, how you use, where you store, what systems are involved, how long you keep it, etc.
Employee data
Provide here details of what happens to employee’s data in terms of what you collect, where you store it, what systems you use, etc.
Recruitment data
Provide here, details of what data you collect for recruitment, how you store it, how long you keep it (successful or unsuccessful candidates), how you collect it, etc.
Supplier or contractor data
Provide here, details of what data you collect from suppliers, how you store it, how long you keep it. how you collect it, etc. e.g. If you are one of our suppliers we will collect the minimal information about you and your services as required to make use of your services and deal with invoices and payments for your services. Such information will be stored within our accounting package for the purposes of our accounts and will be retained accordingly.
Individual employees within our business may also retain your contact details within their email application or via business cards that you may provide to us.
Retention of personal data
Unless stated elsewhere in this document or in our terms of services we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).
Third party processors
We use a number of third-party cloud-based services for the purposes of effectively running our business and providing our services to you. We also use a number of third-party organisations, e.g. accountants, HR support, etc.
In all cases where we are using a third-party service or company, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements.
We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply. We also make sure a legally binding contract (sometimes called a Data Processing Agreement or DPA) is also in place to protect your data.
Your rights
Under current data protection legislation in the UK, you have rights as an individual which you can exercise in relation to the data we store and process about you. You can find more information about your rights on the Information Commissioner’s website: https://ico.org.uk/for-the-public/
If you would like to exercise your rights, or if you have any questions, please use the following contact details:
[contact details]
How to withdraw consent and object to processing
Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. If you wish to stop receiving our marketing emails you can do so, by clicking on the “unsubscribe” link at the bottom of the email or by contacting us.
You should also contact us, if you wish to raise concerns about the way we are processing your data or would like to raise an objection to the processing.
Keeping your data up to date
It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details but if you wish to update any information we hold about you, please contact us with your updated details.
Erasure of your data (the “right to be forgotten”)
Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems. If it’s not possible for us to delete your data, we will explain the reasons why.
Portability
Your right to portability allows you to request a machine-readable format of the data you supplied to us and associated service logs (where we store them).
[Provide information here about whether they can exercise the right themselves (e.g. functionality within your systems that allows individuals to access their data and export or transfer it themselves, or provide information about what you can provide if they contact you, e.g. a CSV file)]
Access to your data (a so-called Data Subject Access Request)
You have the right to ask us about what data we hold about you, how we process it and to ask us to provide you with a copy of the information, free of charge and within one calendar month of your request.
To make a request for any personal information we hold and process about you, we would prefer it if you could put it in writing or in an email to the addresses above. We will need to verify your identity before providing the information and where necessary may contact you further to ensure we understand what data you are requesting.
Sharing your information
We do not share any personal data with any third parties unless it is lawful for us to do so, if required by law to do so or if you provide us with permission to do so.
Complaints
If you feel this privacy notice does not go far enough in explaining how we have used your personal data, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to [email]
If you want to make a complaint about the way we have processed your personal information, we’d rather you brought it to us in the first instance, but of course you can contact the Information Commissioner’s Office in their capacity as the statutory body that oversees data protection law in the UK – https://ico.org.uk/make-a-complaint/
More information
For more information about your data rights and privacy or data protection in general visit the Information Commissioner’s Office website: https://ico.org.uk
Changes to our privacy notice
We may change or update elements of this privacy notice from time to time or as required by law. The most current version of our privacy notice is available on our website at www.haigbarrettpartners.com
GDPR...