The purpose of this policy is to illustrate the types of personal information hps group collect, why and how we use it and how it’s shared. In order for hps group to perform our day to day business activities, we need to collect and store certain personal and sensitive data on its employees, system users and potential clients. This policy outlines the steps hps group takes in order to meet privacy and data protection obligations as a core function throughout the organisation.
This policy applies to all hps group employees and affiliates and includes all services and all personal data handled when performing business activities whether that is conducted by staff or suppliers of hps group
Usually, the only information hps group holds surrounding data subjects comes directly from them by signing up to any of the services/products hps group offers. Whenever this information is collected, hps group ensures that only the information required to fulfil a purpose is collected so as to not hold ‘excessive’ data. Information collected is stored securely on our computer systems and access is restricted to persons who have a need for that information. All of our staff are trained in the correct way to handle and dispose of personal information.
Our customers typically provide us with the following information: name, email address, postal address and telephone number. Unless opted out, hps group will store this information to use for future marketing communications that may be relevant to that customer for a limited amount of time before being destroyed.
When our customers share information with us, for example when they sign up to marketing communications via our website, hps group can use that information to communicate relevant content to them.
We may upload personal information, supplied to us by our clients or customers, into a third party system for the purposes of marketing communication deployment. The information shared in these instances are not used for any other purpose by such third parties.
hps group provide some personal data to our trusted affiliates, contractors and suppliers to facilitate further processing, to meet an end goal (such as printers, etc.). All data is processed in accordance with our instructions and in line with all relevant compliance and security measures.
hps group will not divulge personal information without the subject’s consent, however, in some circumstances hps group may be required to supply such information to third parties to comply with the law, regulation or enforceable governmental request to which hps group are legally required to respond.
We collect information about the services you use, pages you visit and how you interact with them.
hps group processes personal information captured via our website for the purposes of:
Cookies do not contain any information that personally identifies you, but information that we store about you may be linked, by us, to the information stored in and obtained from cookies.
We use the information we obtain from you for the following purposes:
We don’t sell the information collected by cookies, nor do we disclose the information to third parties, except where required by law (for example to government bodies and law enforcement agencies).
When handling the information hps group collects, we commit ourselves to:
hps group recognises that its first priority under the Data Protection Act is to avoid causing harm to individuals. In the main this means:
Secondly, the Data Protection Act aims to ensure that the legitimate concerns of individuals, about the ways in which their data may be used, are taken into account. In addition to being open and transparent, hps group will seek to give individuals as much choice as is possible and reasonable, over what data is held and how it is used.
hps group is committed to ensuring that in principle, data subjects are aware that their data is being processed and:
For further information, please see our data protection policy.
For further information in regards to the security measures surrounding the personal data hps group handles, please see our ‘information sensitivity policy’ and our ‘security policy’.
There are a number of ways in which hps group communicates its commitment to the effective management of data protection. There’s a variety of guidance that is issued to all employees to ensure adherence to these commitments. The guidance that is currently issued, and updated regularly, consists of:
The compliance team also maintains a ‘Cyclic Reviews Log’ which plots all cyclic compliance processes and/or review timeframes. This includes reviewing internal documents and guidance that the agency follows, such as: Privacy Notices (web form Ts & Cs template), Data Processing Agreements, Non-Disclosure Agreements, DPIAs, PIAs, etc.
Under the Data Protection Act 1998, hps group will respond to ‘subject access requests’ within the legal time frame of calendar 40 days (under current legislation). This time frame is soon to be lessened to a period of 1 month following the implementation of the General Data Protection Regulation (GDPR) and the time taken to respond to these requests will reflect these changes.
‘subject access requests’ must be submitted in writing and will be handled by the data protection officer, who is responsible for ensuring that such requests are handled in compliance with the local legislation.
To make a compliant, or to know more about the information hps group holds on an employee, service user or potential client, please contact firstname.lastname@example.org or alternatively, contact the Information commissioner’s office (ICO).
Here’s how to find us. Let us know you’re coming and we’ll pop the kettle on.get in touch