Intro To Privacy

Data HQ Limited (‘the Company’) is responsible for the processing of personal data and is a data controller for the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation (‘GDPR’)). The registered address is Hyatt Place, 50-60 Broomfield Road, Chelmsford, CM11SW (company no. 04193862). The Company has appointed a Data Protection Officer who is contactable at info@datahq.co.uk or on 01245 807470.

  1. What information do we collect?
    We may collect information from you when you enter details onto our website using our online forms. Because this information is capable of identifying you, it is classed as ‘personal data’, and subject to data protection rules. Your provision of personal data to us is not part of a statutory requirement, although if you are a customer, we will collect and process your personal data for the purposes of performing our part of the contractual obligations between us.
  2. How do we process your data?
    1. We want to be transparent about how we process your personal data. We will always have a lawful basis for processing your personal data, as highlighted in bold, below. We may process your data in various ways.
    2. Firstly, when you enter your information into our online forms, we will collect and store the data within our systems. We will do this because we have a legitimate interest in processing the data for the purposes of developing potential business between us. We assess that this legitimate business interest is balanced with your interests, by your intention to seek to do business with us, evidenced by your option to input details onto our online forms.
    3. Secondly, if you become a customer, we will use the data, and any further information including financial information that we gather from you to complete various order forms and invoices, and to process payments as necessary to comply with contractual obligationsbetween us.
    4. Finally, we would like to send you marketing communication, by email or by phone, offering you goods and services, and providing you with information we believe is of interest to you. If you are not a corporate body, i.e. not from a limited company, PLC or other corporate entity, we will ask for your consent to conduct marketing, using your personal data in this way. See 3 below, which explains more about your consent and direct marketing.
    5. In all circumstances where we collect personal data from you, we will only collect the minimum amount of data required for us to perform the defined processing purpose/s.
  3. Your consent and direct marketing
    1. If you are not a corporate body, i.e. not from a limited company, Plc or other corporate entity, we will ask for your consent to conduct direct marketing to your phone number and or email address which you input onto our online forms. We will ask that if you consent to direct marketing, you indicate by ticking empty boxes. You will be asked to give what is called ‘granular consent’, which means you will need to tick separate boxes to confirm that you consent to each specific form of processing (i.e. email and/or telephone). Your access to our website content will NOT be contingent upon your consenting to marketing.
    2. If you gave your consent to us processing your personal data for the purposes of marketing, you have the right to withdraw that consent at any time, in a manner that is as easy as it was to give it. You may do this by simply clicking on the unsubscribe link on any marketing email we send to you, or by contacting the DPO or the Company at any time. We will keep a suppression file with minimal details to ensure we do not contact you once you have withdrawn your consent.
    3. If you are a limited company, Plc or other corporate entity, we would like to send you details of offers, our newsletter and information about our products and services. You can opt out of email marketing by simply clicking the unsubscribe link on the email, or by informing us that you wish to opt out of telephone marketing.
  4. Cookies
    1. A cookie is a small text file containing information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
      • To estimate our audience size and usage pattern.
      • To store information about your preferences, and so allow us to customise our site according to your individual interests.
      • To speed up your searches.
      • To recognise you when you return to our site.
    2. We use the following cookies on our website:
      1. Data HQ Website Cookies - Website cookies that keep a record of your last visited website in case we want to use that information to provide information back to you in a ‘breadcrumb’ or similar. No personal data is collected.
      2. Google Tag Manager Cookies – Collect information on your journey through our website which we use to improve our website experience for our users. No personal data is collected.
      3. Hotjar Cookies – Collect information on your journey through our website which we use to improve our website experience for users. No personal data is collected.
      4. Consent Cookie – Informs the site that you have agreed to the use of cookies as you use the website.
    3. You are able to change the settings on your browser at any time by entering the settings menu. By changing the settings to allow the use of cookies in this way, you will be will be giving your consent by an affirmative action to the use of cookies, only according to the extent that you consent to their use. This consent is informed appropriately by this information on cookies, and our cookie page.
    4. Cookies are governed by the Privacy and Electronic Communications (EC Directive) Regulations 2003.
  5. How will we store your data?
    1. Your personal data is stored on our secure, UK based network, which meets internationally recognised security standards. Our systems are certified to Cyber Essentials Plus standards, and our hosted servers are certified to ISO 27001.
    2. We will not store your personal data indefinitely. Once the purpose/s for processing the personal data have been concluded, we will securely delete your personal data from our systems. We will regularly screen our data to ensure that it is deleted after the processing purpose/s have concluded.
    3. If we have a contractual agreement with you to provide goods or services, we will retain your information for seven (7) years in accordance with statutory requirements, and for the purposes of pursuing or defending any civil action.
    4. We will usually retain a ‘suppression file’ to help us comply with data protection and marketing law. This will contain some minimal data to enable us to ensure we do not market to individuals listed where they have withdrawn their consent to being contacted or marketed to. We may use pseudonymisation to help protect this data.
  6. Will your data be disclosed to third parties?
    We will NOT sell, transfer or otherwise disclose your personal data to third parties, or third countries unless this is required as part of any contract between us. We may only otherwise disclose your personal data in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets, OR, if we are under a duty to disclose or share your personal data in order to comply with a legal obligation. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  7. What are your rights?
    You have a number of rights pertaining to the processing of your personal data that you should be aware of as follows. To exercise these rights, please contact the Data Protection Officer at the email address above:
    1. Access - Firstly you have the right to access your personal data. This is called a Data Subject Access Request (‘DSAR’). You will need to prove your identity to us in order for us to provide you with access to the personal data we are processing. This will need to be a photographic ID.
    2. Rectification - If your personal data is inaccurate, you have the right to have it rectified.
    3. Erasure - Under certain conditions you have the right to have your personal data erased from our database, (the right ‘to be forgotten’).
    4. Restriction - You can suppress the processing of your personal data.
    5. The Right to Object - Where a data controller processes your personal data because they have legitimate interests to process it where your consent has not been obtained vis-à-vis that processing, you may object to that processing. Under those circumstances you may also request that your personal data be erased from the data controller’s database (see above).
    6. Data Portability - If you provided us with your personal data directly, and we are processing that data in a digital format, based on your consent or under a contract between us, you have the right to request a machine-readable copy of the personal data we are processing.
    7. Automated Individual Decision-Making or Profiling - You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects you. This applies to processes without human intervention. For more information on this complex provision, please contact the DPO at the contact email address above.
  8. Making a complaint
    You have the right to lodge a complaint with the Supervisory Authority, which in the UK is the Information Commissioner’s Office (ICO). Full details can be found on the ICO’s website, ico.org.uk. For further information, to exercise any of your rights listed in this notice or if you are unclear about any of the provisions contained herein, please contact the Data Protection Officer at the address above.