HEdSpace Consulting (referred to as HEdSpace, we, us or our) respect your right to privacy and are committed to safeguarding the privacy of our customers and website visitors and to the protection of personal information that relates to them in accordance with the EU General Data Protection Regulation (GDPR).
1. What is considered Personal Information?
“Personal Information” is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether recorded in a material form or not.
“Sensitive Information” is Personal Information about an individual that includes health information, genetic information, biometric information or templates, or personal information that is also information or an opinion about an individual’s race or ethnicity, their religious, political or philosophical beliefs, opinions or affiliations, their sexual orientation or criminal record.
2. Why do we collect Personal Information?
2.1 Why do we collect your information?
2.2 How we contact you and how you may deal with us
HEdSpace may contact you using a variety of means including, but not limited to telephone, email, SMS and post.
You have the option to deal with us anonymously or by using a pseudonym. However, you acknowledge that where this is impractical or where the law or a court order provides otherwise, we are not required to provide these options to you.
If you choose not to provide your Personal Information to us, we may not be able to undertake certain activities for you (such as providing you with requested information, products or services, or including the information you provide to us in the course of our delivery of recommendations on a consultancy project to a client).
3. Collection of Personal Information
3.1 When and how do we collect your information?
We may collect and hold Personal Information about you such as your name, gender, date of birth, contact details (including your address, phone numbers and emails, whether personal or for work), employment information, and in some cases information related to your education.
We collect Personal Information directly from you in the course of delivering a project, when we consult with you directly or in a workshop, when you complete a survey, or when you correspond with us; when we otherwise supply you with services; when you request information about us or our products or services, provide feedback, change your content or email preferences, enter into an agreement or contract with us, fill in a form or a request for services, fill in a form on our website, attend an event, or otherwise contact us by telephone, facsimile, email, post or in person.
We will request that you provide us with your consent to collect, use or disclose your Personal Information. You may withdraw your consent any time in the same manner in which you gave consent or by contacting us in any of the ways set out in clause 10.
Where required by the GDPR, we will seek your consent to the processing of your Personal Information for specific purposes or your explicit consent when processing Sensitive Information (if applicable).
3.2 Do we collect information about you in other ways?
We may also collect Personal Information about you via third parties including from our clients, suppliers, through events or online marketing.
We may also process your Personal Information in performance of our contractual obligations when we receive it from a third party with whom you have entered into a contract or at your request.
In some circumstances we may receive Personal Information that we have not requested. If this occurs, we will comply with our obligations under the GDPR. You acknowledge that we may de-identify and/or destroy this information unless we are required to keep it by law.
4. Information collected via our Website
We will not collect any Personal Information about users of our Website except when they knowingly provide it.
4.2 Web host Data
When you visit and browse our Website, our Website host may collect Personal Information for statistical, reporting and maintenance purposes. Subject to clause 6.2, the Personal Information collected by our Website host will not be used to identify you. The information may include: the number of users visiting our Website and the number of pages viewed; the date, time and duration of a visit; the IP address of your computer; the path taken through our Website; or the browser type, operating system or website visited immediately before coming to our Website.
Our Website host uses this information to administer and improve the performance of our Website, including to assist with the diagnosis of and to provide support for any issues with our Website or services. This information is used in an aggregated manner to analyse how people use our Website, so that we can improve our service.
Cookies are small text files that are transferred to a user’s computer hard drive by a website for the purpose of storing information about a user’s identity, browser type or website visiting patterns.
4.4 Web Beacons
Web beacons are images that originate from a third party site to track visitor activities. We may use web beacons to collect aggregate data and provide this information to our Website host to administer and improve the performance of our Website.
4.5 Links to external websites
5. How we use Personal Information?
5.1 How do we use the Personal Information we collect about you?
We use the Personal Information we collect about you for our business functions and activities, which may include the following:
(a) to provide you with information or services you have requested;
(b) to promote and market our services to you;
(c) to personalise and customise your experiences on our Website;
(d) to deliver our consulting services to our clients;
(e) to provide you with ongoing information about us and our activities;
(f) to use aggregated or de-identified information for the purposes of data analysis, research and reporting;
(g) to comply with regulatory or other legal requirements;
(h) to protect the copyright, trademarks, legal rights, property or safety of HEdSpace, its customers or third parties; and
(i) for any other use required or permitted by law or any other purpose communicated to you at the time that the Personal Information was collected or for which you provided your consent.
We may use your Personal Information for a secondary purpose if that secondary purpose is related to the purposes listed in this clause 5.1, if we have your consent or if otherwise provided for under the GDPR.
5.2 Direct marketing
We may use your Personal Information to provide you with direct marketing materials if you would reasonably expect us to or if you consent to receive direct marketing materials. We will seek your consent to provide you with direct marketing materials if we have obtained your Personal Information from a third party. Direct marketing material may include promotional material about us or the products or services we offer.
You may opt out of receiving direct marketing material by contacting us in any of the ways specified in the direct marketing materials or as set out in clause 10.
6. When do we disclose Personal Information?
6.1 Who do we disclose your Personal Information to?
Depending on the nature of your relationship with us, we may disclose your Personal Information to our service providers who assist us in our business operations and recruitment activities (including third party service providers based overseas), government agencies, other third parties, (including parties that we engage to provide you with services on our behalf or who are connected with or involved in our relationship with you), or otherwise as required by law.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any Personal Information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality.
6.2 Service providers
We may also disclose your Personal Information to our Website host or service providers in certain limited circumstances, for example when our Website experiences a technical problem or to ensure that it operates in an effective and secure manner.
We may also share non-personal, de-identified and aggregated information for research or promotional purposes in connection with providing requested information or services to you, or for the purpose of improving our services. We will not sell your Personal Information to third parties for marketing purposes.
7. Storage and data security
HEdSpace is committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access to or disclosure of Personal Information, we have taken steps to put in place suitable physical, electronic and managerial procedures to safeguard and secure Personal Information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
We aim to keep your Personal Information secure and up to date. We will comply with our obligations under the GDPR in relation to any Personal Information that we handle, including information which is held on our computer systems.
If your Personal Information is disclosed to us or processed by us, you have rights under the GDPR relating to security and protection of data, notification of “personal data breaches” (as defined in the GDPR), and a right to compensation for damage arising from a personal data breach.
You may contact our Data Protection contact via the contact details below should you require additional information.
8. How long will we keep your Personal Information?
We will keep your Personal Information only for as long as required for our business purposes and otherwise as required by UK law.
Where we no longer need to keep your Personal Information in accordance with this clause 8, we will take reasonable steps to destroy or de-identify your Personal Information.
If you wish to have your Personal Information destroyed or de-identified, please let us know and we will take reasonable steps to do so (unless we need to keep it for legal, auditing or internal risk management reasons, or as otherwise required by law).
9. Accessing, updating and correcting your Personal Information
We will take reasonable steps to ensure that the Personal Information that we hold is accurate, up-to-date and complete. You can update your Personal Information at any time by contacting us in any of the ways specified in clause 10. We welcome any changes to your Personal Information so as to keep our records up to date.
You have the right to access Personal Information that we hold about you, to rectify your Personal Information, to erase your Personal Information (the ‘right to be forgotten’), to restrict processing of your Personal Information and the right to receive your Personal Information (the ‘right of portability’). We will comply with our obligations in relation to the exercise of your rights under the GDPR.
To exercise any of your rights in relation to Personal Information, including making a request for access, please contact us in any of the ways specified in clause 10.
10. How to contact us, find out more information or make a complaint
Name: HEdSpace Consulting Ltd.
Att: Data Protection Officer
Post: 51 Marguerite Way, Bishop’s Storford, CM23 4NE