Updated and Effective as of 9th February, 2022
We are committed to protecting the privacy of anyone who interacts with us and will treat all information you give us with care.
We promise to:
- Tell you why we collect personal information, how we do this and what we use it for.
- Only collect the information we need to deliver the service to you.
- Keep the personal information up to date and ensure it is safe and secure.
- Why we can process your information.
- What purpose we are processing it for.
- Whether you must provide it to us.
- How long we store it for.
- Whether there are other recipients of your personal information.
- Whether we intend to transfer it to another country; and
- Whether we do automated decision-making or profiling.
We may change this policy from time to time. The date this policy was last updated is shown at the end of this document.
As a data controller, we fully comply with the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 and the General Data Protection Regulations (EC Directive) 2016 (GDPR). We will also comply with all applicable clinical confidentiality guidelines.
We are recorded on the ICO Data Protection Register under registration number ZA178658.
2) Who we are
In this policy references to Hethel Innovation Ltd. “we” “us” “our” are to Hethel Innovation Ltd. Hethel Engineering Centre Chapman Way NR14 8FB.
The Data Controller is Hethel Innovation Ltd.
Our Data Protection Officer is Keith Hebborn, Hebborn Consultancy Ltd. Tedder House, Tedder Close Watton Norfolk IP25 6HU.
Email firstname.lastname@example.org. Telephone 0333 772 1510
3) What information do we collect?
We collect personal information about you to enable us to provide the services or fulfil a role with us. This may include:
- Name and address.
- Email address and telephone numbers.
- The country you live in, date of birth, national insurance number passport number.
- Details of your employment.
- From your parent or guardian if you are under 18.
- Details of services you may have received from us.
- Information about complaints and incidents.
- When you visit our website, we collect information about your IP address and the pages you visit. This does not tell us who you are or your address unless you choose to provide that information.
- The payment information (e.g., credit card details) you give when you make a payment to us.
- Information from user surveys, promotions, or competitions that you may take part in.
- The result of any credit or anti-fraud checks we have made on you.
4) How do we collect personal information?
We collect the personal information in the following ways:
- When you enquire about one of our services.
- When you provide information by filling in a form on registration or information provided at any other time.
- When you correspond with us by email, phone, or other ways.
- During the provision of services to you.
- When you participate in discussion forums or other social media on our site or sites managed by us.
- Contact us by email, telephone, social media or in any other way.
- When you visit our website.
- When you sign in and out of our premises (visitors log)
- When you register your vehicle for entry/exit purposes or to obtain an access fob.
5) How we use the information and why we need it
We use the personal information to provide services to customers, clients, tenants, guests, employees, visitors, and newsletter recipients or to meet our contractual commitments to Data Subjects. This may include: –
- Contract – if we have a contract with you, we will process your personal information to fulfil that contract.
- Consent – generally we will only ask for your consent to process your personal information if there is no other legal ground to process. Where we need your consent, we will ensure you are as fully informed as possible and use that consent solely for the reason you have given it to us. You will be able to change your mind at any time by contacting us at the address in paragraph 14. Any email or text to you will have a link to let you do so.
- Public interest – we will process your personal information when carrying out the performance of a task in the public interest.
- Necessary to defend legal claims or court action.
- Vital interests – Where it is necessary to protect your vital interests or those of another person.
- Employment – when necessary to fulfil our duties under employment law.
- Public interest – this is usually in line with any applicable laws such as protecting against dishonesty, malpractice, or other seriously improper behaviour.
- Information you have made public.
- Marketing – in addition to the processing we will use your personal information to provide you with information about services you have requested or would reasonably expect to receive from us. You will be able to change your mind at any time and we will keep your preferences up to date. Any email to you about marketing will have a link to let you unsubscribe.
6) Legitimate interests
Hethel Innovation Ltd. may also process your data when it is in our legitimate interest to do this and when these interests do not override your rights. These legitimate interests include: –
- Providing you with information on products services and offers by partner service providers.
- Keeping our records up to date.
- For statistical research and analysis and to enable us to monitor and improve services.
- Sharing your personal information with people or organisations to comply with any legal or regulatory obligations or to enable us to run our organisation.
- To fulfil laws that apply to us and the third parties we work with.
- To take part in or be the subject of any merger, sale or purchase of all or part of our business
- Managing our relationships with you and third parties who assist us to provide the services to you
7) Who will see this information?
Your information will only be accessible to our staff and only where it is appropriate in respect of the role they are carrying out. We will never sell your information or let other organisations use it for their purposes.
We will only share your personal information: –
- Where consent is necessary, we will have obtained your consent to us doing so and will provide information for the specific reason your consent was given. You will have the opportunity to withhold consent when you complete the form on which we collect the data or you can do so by contacting us at the address in paragraph 14, at any time.
- Where it is necessary to protect your vital interest (i.e., your life or health).
- Organisations or people who by law or regulations we must share your personal information with.
- The police or other law enforcement agencies for them to perform their duties if we must do this by law or under a court order.
- Where we use other organisations to provide services on our behalf for processing, mailing, delivering, customers, guests and volunteers questions about our services, sending mail and emails, data analysis, assessment and profiling or processing credit/debit card payments.
- Organisations providing IT systems, IT support and hosting concerning IT systems on which information is stored.
- When using auditors and professional advisors and with your pension administrator.
- With our Shareholders.
- If we merge with another organisation, form a new entity, sell our business, or purchase a business.
Where a third-party data processor is used, we ensure they operate under a contract that includes confidentiality and security of personal data and their obligations under the Data Protection legislation.
The security of your personal information is very important to us. We protect all personal data we hold and ensure we have appropriate organisational and technical measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent data from being lost, destroyed, or damaged.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
All the personal data is processed in the UK however for IT hosting and maintenance your information may be situated outside the European Economic Area (EEA).
9) Your rights
You have the following rights:
- Transparency over how we use your personal information (right to be informed).
- To request a copy of the information we hold about you, which will be provided to you within one month (right of access).
- An update or amendment of the information we hold about you (right of rectification).
- To ask us to stop using information (right to restrict processing).
- Ask us to remove your personal information from our records (right to be forgotten).
- Request us to remove your information for marketing purposes (right to object).
- To obtain and reuse your personal data for your purposes (right to portability).
- Not to be subject to a decision based on automated processing.
You can contact us about any of these rights at the address in paragraph 14. To protect your privacy, we may ask you to prove your identity before we agree to respond to any request. There is no charge for a request, and we will respond to the request within one month.
If you are not satisfied with how we deal with your request, you can contact the Information Commissioners Office on 0303 123 1113 or at their website www.ico.org.uk
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer once you agree. Cookies contain information that is transferred to your computer’s hard drive.
It is important to know that Cookies are NOT viruses. Cookies use a plain text format. They are not compiled pieces of code so they cannot be executed nor are they self-executing. Accordingly, they cannot make copies of themselves and spread to other networks to execute and replicate again. Since they cannot perform these functions, they fall outside the standard virus definition.
We use the following Cookies:-
- Strictly necessary Cookies. These are Cookies that are required for the operation of our website. They include, for example, Cookies that enable you to log into secure areas of our website, such as account login, member benefits portal etc.
- Functionality Cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences.
- Analytical/Performance Cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
11) Retention of information
We hold your information only for as long as necessary for each purpose we use it. We use the following guidelines: –
- Any time limits set by law or recommended by regulators, professional bodies, or associations.
- For as long as we have a reasonable need for managing our relationship with you or running our organisation.
Our staff work to a detailed Retention & Disposal Policy.
Our premises are monitored by CCTV for the safety of visitors and staff, and the security of property. Images are retained for 30 days under ICO guidelines.
13) How to contact us
If you have any questions about how we collect, store, and use personal information, or if you have any other privacy-related questions, please contact us by any of the following means:
Phone us at 0333 772 1510
Email us at: email@example.com
Write to us at: Data Protection Officer, Hethel Innovation Ltd. Hethel Engineering Centre, Chapman Way Hethel NR14 8FB.