The purpose of this policy is to outline how hps group handles and manages the personal data in relation to third parties accessing our website.
This policy applies to the hps group website: www.hpsgroup.co.uk.
3.1 information about us
https://hpsgroup.co.uk/ is a site operated by hps group. We are a private limited company registered in England and Wales under company number 04114693. Our trading name is hps group. Our main trading address is Atlas House, Third Avenue, Globe Park, Marlow, Bucks SL7 1EY. Our VAT number is GB 604 0292 83.
We are committed to protecting and respecting your privacy. We are responsible for protecting your personal information as a “data controller” under applicable data protection legislation. If you have any queries about this policy or how we use your personal information, please contact us using the details at Contact Us.
Our nominated person for data protection is Richard Triggs, CFO and his contact details are email@example.com.
3.2 what information do we collect?
We collect personal data as defined by applicable data protection legislation. The personal information we collect might include name, date of birth, email address, postal address, and telephone number.
If you provide services to hps group, we will collect information in line with your contract for services.
If you have purchased goods or services from us, we will collect information about your purchase history.
We may collect information that is available in the public domain, for example: newspaper or online media items, publicly available posts on LinkedIn or social media or Companies House listings.
We record your requests for information and any feedback we receive from you and record emails for quality assurance purposes.
We may also collect technical information relating to your use of our website, including your browser type or the Internet Protocol (IP) address used to connect your computer to the Internet.
We also gather general information about the use of our website, such as which pages users visit most often and which services, events or facilities are of most interest. We may also track which pages users visit when they click on links in emails. We may use this information to personalise the way our website is presented when users visit, to make improvements to our website and to ensure we provide the best service for users. Wherever possible we use aggregated or anonymous information which does not identify individual visitors to our website.
3.3 how do we collect information?
We obtain personal information from you when you use our website, enquire about our activities, register with us, send or receive an email, ask a question or otherwise provide us with personal information.
We may also receive information about you from third parties, for example from data providers or from individuals or third-party organisations who share our interests and may introduce you to us.
3.4 why do we collect this information?
We collect this information for the purpose of contacting you with relevant updates about our business including marketing messages. The lawful basis for which we process your information is:
- your consent;
- processing is necessary for the performance of a contract to which you are a party. If you fail to provide this information we may be unable to perform the contract; and
- processing is necessary for our legitimate interest in promoting our business and services, except where your rights as a data subject override our legitimate interest.
3.5 how do we use this information?
We will use your personal information:
- to provide you with services, products or information you have requested;
- to provide you with information about future events and products and services we think may be of interest to you, including third-party events, products and services;
- for administration purposes including to create an account for you if you register with us; to notify you about changes to our services; as part of our efforts to keep our site safe and secure; and to ensure that content from our site is presented in the most effective manner for you and for your computer; and
- to make suggestions and recommendations to you about goods or services that may interest you.
We will only use your personal information for electronic marketing purposes if we are allowed to do this by law or if we have your consent. If you agree to us providing you with marketing information, you can always opt out at a later date. If you would rather not receive marketing material from us, please let us know at any time using the contact details at Contact Us.
3.6 do we share your information with anyone else?
We share your personal information with:
- third-party system operators for the purpose of marketing communication deployment only; and
- our trusted affiliates as detailed below
We may share your personal information with third parties for marketing purposes. If you do not want us to share your personal data with any third party for marketing purposes, please let us know using the contact details Contact Us.
We may need to provide your information to our contractors and suppliers who provide services on our behalf, to the extent necessary to enable you to receive those services.
We may share your information with the service providers or other associated organisations as identified in this policy to use the information for their own purposes as described above.
We may also need to disclose your information if required to do so by law or as expressly permitted under applicable data protection legislation.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
3.7 how long do we keep your information for?
We keep your information for no longer than necessary, as detailed in our Record retention policy. We will retain your information for any period required by law, for example for compliance with HMRC requirement. Where we are not under a legal obligation to retain your information, we will determine what is necessary by reference to the lawful basis for processing set out above and our legitimate interests.
If you have any questions about how long we keep your information, please write to us at firstname.lastname@example.org.
3.8 how do we protect personal information?
We take appropriate technical and organisational measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. We protect your information in accordance with our IT and Data protection policy.
You should be aware that the use of the Internet is not entirely secure and although we will do our best to protect your personal data we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet. Any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features such as encryption to try to prevent unauthorised access.
hps group also provides training and support for staff and independent contractors who handle personal data, so that they can act confidently and consistently. In addition to being open and transparent, hps group will seek to give individuals as much choice as is possible and reasonable, over what data is held and how it is used.
hps group is committed to ensuring that in principle, data subjects are aware that their data is being processed and:
- for what purpose it is being processed
- what types of disclosure are likely
- how to exercise their rights in relation to the data.
For further information, please see our data protection policy.
3.10 communicating our data protection processes
There’s a variety of guidance that is issued to all employees to ensure adherence to these commitments. The guidance that is currently issued, and updated regularly, consists of:
- Data Protection induction (and accompanying guidance documents sent to attendees post-induction)
- IT Security induction
- IT Security policy issued to all new starters to read and sign/accept via Octopus
- Team PIAs and data handling crib sheets
- Ad hoc communications via emails, Team Heads briefings and to individual project teams in project meets
The compliance team also maintains a ‘Cyclic Reviews Log’ which plots all cyclic compliance processes and/or review timeframes. This includes reviewing internal documents and guidance that the agency follows, such as: Privacy Notices (web form Ts & Cs template), Data Processing Agreements, Non-Disclosure Agreements, DPIAs, PIAs, etc.
3.11 your rights
You have a right to access the information we process about you. This includes being provided with a copy of the information we hold about you, the purposes for which we use it and with whom it has been shared (‘right of access’).
You may ask us, or we may ask you, to rectify information you or we think is inaccurate, and you may also ask us to remove information which is inaccurate or complete information which is incomplete (‘right to rectification’). If you inform us that your personal data is inaccurate, we will inform relevant third parties with whom we have shared your data so they may update their own records.
In order that we can ensure that your personal information is accurate and up to date, if any of the information that you have provided us with changes, for example if you change your email address, name, payment details, or if you wish to cancel your registration, please let us know using the contact details at the end of this policy.
You have a right to obtain your personal data from us and reuse it for your own purposes, perhaps for another service, without hindering the usability of the data (‘right of portability’). This right does not apply where our legal basis for processing is to perform a task carried out in the public interest or to exercise official authority.
You have a right to seek the erasure of your data (often referred to as the ‘right to be forgotten’). You may wish to exercise this right for any reason, for example where it is no longer necessary for us to continue holding or processing your personal data you may withdraw your consent. This right is not absolute, as we may need to continue processing this information, for example, to comply with our legal obligations, or for reasons of public interest.
In certain circumstances, for example if you contest the accuracy of the information or the lawfulness of our processing, you may ask us to restrict our processing of your information (‘right to restriction’).
If you exercise your right to restrict processing, we would still need to process your information to the extent permitted by law, including for the purpose of exercising or defending legal claims, protecting the rights of another person or for public interest reasons.
If our lawful basis for processing is your consent, you have the right to withdraw your consent at any time.
You have the right to object to our processing in accordance with our legitimate interests, in which case we may only continue to use your personal data where we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms.
You have a right to prevent us from processing your data for the purposes of marketing.
If you would like to exercise any of your rights above, please contact us at email@example.com. We will act in accordance with your instructions as soon as reasonably possible and there will be no charge.
You have a right to report any of your concerns about our use of your data to the Information Commissioner’s Office. You may do so by calling their helpline at 0303 123 1113.
3.13 changes to this policy
This policy shall be effective immediately upon approval.