HFS Specialities Ltd (“The Company”) may need to collect and use information about individuals and organisations in order to carry out its business. This information must be collected and dealt with appropriately, whether on paper, electronically, or recorded on other material, and there are safeguards to ensure this under the General Data Protection Regulations (GDPR).
This policy applies to all employees of the Company and for the purposes of this policy, the term “Staff” or “Employee” means all members of staff including permanent, fixed term, and temporary staff, secondees, apprentices, any third party representatives, agency workers, volunteers, interns, agents and sponsors engaged with the Company in the UK or overseas.
Any information which relates to a living individual who can be identified from the information. It also extends to any information which may identify the individual. Examples of personal data:
- A person’s name and address (postal and email)
- Date of birth
- Statement of fact
- Minutes of meetings, reports
- Emails, file notes, handwritten notes, sticky notes
- CCTV footage if an individual can be identified by the footage
- Employment applications
- Spreadsheets and/or databases with any list of people set up by code or employee number
- Employment history and HR records
Sensitive Personal Data
Any information relating to an individual’s:
- Religious or other beliefs
- Political opinions
- Membership of a trade union
- Sexual orientation
- Medical history
- Offences committed or alleged to have been committed by that individual
The law on data protection sets out several different reasons for which the company may collect and process personal data, including:
Consent: In specific situations, we can collect and process data with personal consent. For example, when a customer ticks a box to receive email newsletters.
When collecting personal data, we’ll always make clear which data is necessary in connection with a particular service.
Contractual obligations: In certain circumstances, we need personal data to comply with our contractual obligations. For example, for customer orders for home delivery, we collect the address details to deliver the purchase, and pass them to our courier.
Legal compliance: If the law requires us to, we may need to collect and process personal data. For example, we can pass on details of people involved in fraud or other criminal activity affecting the Company to law enforcement.
When do we collect personal data?
- When you visit any of our websites, or buy products and services on the phone, face to face or online.
- When you create an account with us.
- When you engage with us on social media.
- When you contact us by any means with queries, complaints etc.
What sort of personal data do we collect?
If you have a web account with us: your name, billing/delivery address, orders and receipts, email and telephone number.
We may also record:
- Details of your visits to our websites and which site you came from to ours.
- Partial payment card information.
- Your image may be recorded on CCTV when you visit our shop or car park.
Here’s how we’ll use your personal data and why:
- To process any orders that you make by using our websites or in store. If we don’t collect your personal data during checkout, we won’t be able to process your order and comply with our legal obligations.
For example, your details may need to be passed to a third party to supply or deliver the product or service that you ordered, and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, guarantees and so on.
- To respond to your queries, refund requests and complaints.
- To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account.
For example, by checking your password when you log in and using automated monitoring of IP addresses to identify possible fraudulent log-ins from unexpected locations.
- To process payments and to prevent fraudulent transactions.
- With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text, post or telephone about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on.
Of course, you are free to opt out of hearing from us by any of these channels at any time.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
- To display the most interesting content to you on our websites or apps, we’ll use data we hold about your favourite brands or products and so on. We do so on the basis of your consent to receive app notifications and/or for our website to place cookies or similar technology on your device.
For example, we might display a list of items you’ve recently looked at or offer you recommendations based on your purchase history and any other data you’ve shared with us.
- To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
- To comply with our contractual or legal obligations to share data with law enforcement.
- To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
Of course, you are free to opt out of receiving these requests from us at any time by updating your preferences in your online account.
How long we keep your personal data
We will keep all transaction-related data for seven years to comply with our legal obligations to HMRC. This information is stored electronically and/or as hard copies. After seven years this data will be securely destroyed.
Your rights over your personal data
You have the right to request:
- Access to the personal data we hold about you.
- The correction of your personal data when incorrect, out of date or incomplete. For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end (such as the end of a warranty).
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
You have the right to request a copy of any information about you that the Company holds at any time, and also to have that information corrected if it is inaccurate. To ask for your information, please contact the Data Protection Officer, HFS Specialities Ltd, Unit 14 Stirchley Trading Estate, Hazelwell Road, Birmingham B30 2PF, or email email@example.com.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113 or by going to www.ico.org.uk/concerns.
If you live outside the UK
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK. By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes. This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your personal data on servers in the UK. We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data. If you have any questions, please contact our Data Protection Officer via firstname.lastname@example.org
Policy Implementation & Review
The Data Protection Officer responsible for ensuring that HFS Specialities Ltd complies with the requirements of GDPR is Harry Starling, Director.
The Director will carry out an annual review of the policy for completeness, effectiveness and usability and to ensure continued compliance with any changes to GDPR.