1.1 This privacy notice (Privacy Notice) sets out how we, Hatto + Partners (we, us, our), collect and use your personal data (your personal information) in connection with our businesses. It also explains what rights you have to access or change your personal data.
1.2 We are the data controller in relation to the personal data processed in accordance with this Privacy Notice (except where this Privacy Notice explains otherwise). This Privacy Notice and our procedures have been developed in line with the EU General Data Protection Regulation requirements, the Data Protection Act 2018 and other applicable national law (Data Protection Law).
1.3 Where we refer to ‘website’ in this Privacy Notice, we are referring to the Hatto + Partners website at www.hattoandpartners.com
1.4 Please note that if you are applying for a job via the Careers section of the website or otherwise, your application and any personal data you provide will be processed in accordance with the Hatto +Partners Candidate Privacy Notice
1.5 Note, if you have come to this Privacy Notice because you would like to stop receiving marketing emails from us, you can unsubscribe at any time by following the “unsubscribe” link at the bottom of those emails.
2.0 ABOUT US
2.1 We are companies registered in England under company number 044077536 (Hatto Limited), with our registered address as set out below.
2.2 You can contact us as follows:
Address: Highlands, Wells Lane, Whitchurch, Hampshire, RG28 7AL
3.0 INFORMATION WE MAY COLLECT ABOUT YOU
3.1 Information that you provide to us
3.1.1 We will collect any information that you provide to us when you:
(a) enquire about our services via email, telephone, post or via our social media channels;
(b) subscribe to our mailing lists and newsletters via the website;
(c) as a client, ask us to provide services to you (or you work for someone to whom we provide services to)
(d) as a supplier, provide goods or services to us (or work for someone who supplies goods or services).
3.1.2 The information you provide might include your name, address, email address, phone number and job title.
3.2 Information we collect about you
3.2.1 We will collect any information contained in any correspondence between us. For example, if you contact us by email or telephone, we will record that correspondence.
3.2.2 We use CCTV to maintain our premises' security, prevent and investigate crime, and in the
interests of health and safety. The images captured are securely stored and only accessed where necessary (e.g., to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time (no more than 30 days) unless an issue is identified requiring investigation (such as a theft).
3.2.3 In the unlikely event that you have an accident on our premises, we will also collect details of to
accident in-order-to comply with relevant health and safety legislation.
3.2.4 When you sign up for our e-mail newsletters, we use technology to collect information about how you
interact with our emails, including whether our emails are delivered to you and whether you open them, unsubscribe from them, or click on any of the links they contain.
3.2.5 We also use analytics tools on our website to collect anonymized and aggregated information about website visitors. This includes information about how our visitors navigate the site (including mouse movements and key presses), details of our visitors’ browsers, operating systems, device screen resolutions and screen sizes, internet protocol (IP) addresses, geographic locations, time zone settings and other technology on the devices they use to access our website. We use this information for analysis purposes and, unlike the other types of information we collect from our website visitors, cannot be used to identify individuals.
3.3 Information we receive from third parties
3.3.1 We may be provided with your contact details if you or your services are referred or recommended to us by a third party;
3.3.2 We use lead generation agencies who use publicly available sources and dedicated databases to obtain contact details for business purposes; and
3.3.3 In certain circumstances, we may use a third-party provider to conduct due diligence on our suppliers. This may lead to us being provided with personal data relating to criminal convictions and offenses (such as fraud, bribery) and other information relevant to our decision as to whether to conduct business with you or your company. This information is obtained from publicly available sources.
4.0 HOW WE USE INFORMATION ABOUT YOU AND YOUR RECIPIENTS
4.1 We will use your information for the purposes listed below, based on:
4.1.1 performance of your contract with us and the provision of our services to you;
4.1.2 your consent (where we request it); or
4.1.3 our legitimate interests (see paragraph 4.3 below).
4.2 We may use your information for the following purposes:
4.2.1 to provide you with access to our website convenient and optimal, including sharing your information with our website hosts and developers (based on our legitimate interest to ensure our website is presented effectively and optimally).
4.2.2 as a client, to provide you with our services as agreed pursuant to the performance of our contract with you;
4.2.3 to keep in contact with you about our news, events, or new services that we believe may interest you provided that we have the requisite permission to do so, and sharing your information with our e-mail marketing services provider based on your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);
4.2.4 If you are a supplier, to receive services from you or your organisation, for example, where a supplier providing us with IT or other outsourced services, we will handle personal data about the individuals who are involved in providing the service to us;
4.2.5 to carry out aggregated and anonymised research about general engagement with our website (based on our legitimate interest in providing the right kinds of information and content to our website users);
4.2.6 to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including without limitation fraud (based on our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so); and
4.2.7 to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (based on our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).
4.3 Where we refer to using your information based on our “legitimate interests,” we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:
4.3.1 personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;
4.3.2 To provide you with direct marketing about our products and services unless you have asked to be taken off our mailing lists;
4.3.3 Protecting against fraud and other risks to our business, for example, when we collect personal data the course of carrying out due diligence on our suppliers; and
4.3.4 Ensuring network and information security and our pour premises' security, when we use CCTV at our premises.
4.4 Where we use your information for our legitimate interests, we make sure that we consider any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours. We won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). Please refer to details of “Your Rights” in paragraph 9 below if you have any concerns about our processing.
5.0 WHOM WE MIGHT SHARE YOUR INFORMATION WITH
5.1 I connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we may share your personal data with third parties that we work with, such as:
5.1.1 third parties who provide data processing and IT services to us, including website hosting providers, data back-up, security and storage providers and cloud-based software providers;
5.1.2 other third-party service providers who help us run and improve our business. For example, providers of email services, marketing services, survey and market research providers, providers of fulfilment and postal services and travel service providers;
5.1.3 any selected third party that you consent to our sharing your information with for marketing purposes;
5.1.4 any member of our group, which means our subsidiaries as defined in section 1159 of the UK Companies Act 2006;
5.1.5 third parties with whom we may choose to sell, transfer or merge parts of our business or our assets; and
5.1.6 any other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
5.2 We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.
7.0 HOW WE LOOK AFTER YOUR INFORMATION AND HOW LONG WE KEEP IT FOR
7.1 We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:
7.1.1 Ensuring the physical security of our offices and other sites;
7.1.2 Ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;
7.1.3 Limiting access to your personal data to those in our company who need to use it in the course of their work.
7.2 We will retain your information for as long as it is necessary to provide you with the services you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as exercising our legal rights. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it.
Please contact us if you would like to be provided with the retention periods' details for specific aspects of your personal data.
7.3 The personal data we hold about you must be accurate and current. Please keep us informed if your personal data changes during your relationship with us.
8. INTERNATIONAL TRANSFERS OF YOUR INFORMATION
8.1 We are a global business based in the UK and we use third-party service providers located in other countries to help us run our business. As a result of this, we may transfer personal data outside of the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, also referred to as the “EEA”).
8.2 Countries outside of the EEA may not have data protection laws that provide the same level of protection as those within the EEA and so whenever we transfer your personal data outside the EEA; we take steps to ensure all personal data is protected with adequate safeguards, such as by entering into the European Commission
approved standard contractual clauses or transferring personal data to service providers in the USA, which of the “EU-US Privacy Shield” scheme.
8.3 Please contact us if you would like further information on the specific mechanism we use when transferring your personal data out of the EEA or if you wish to request a copy of the relevant safeguards which we have put in place.
9.0 YOUR RIGHTS TO THE INFORMATION WE HOLD ABOUT YOU
9.1 You have certain rights under Data Protection Law in respect of the information that we hold about you:
9.1.1 Access: You have the right to request confirmation that we are holding your personal data and to access a copy of the personal data that we hold about you. This is known as a “data subject access request” and enables you to check that we are handling your personal data lawfully;
9.1.2 Correction: You can ask us to change or complete any inaccurate or incomplete personal data we hold about you;
9.1.3 Erasure: You can ask us to delete or remove your personal data where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful reason for keeping it;
9.1.4 Objection: You can object to our processing of your personal data where we rely on a legitimate interest if there is something about your particular situation which makes you believe it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes;
9.1.5 Withdraw consent: If you have given us your consent to use personal data, you can withdraw your consent at any time;
9.1.6 Transfer: You can ask us to provide the personal data which you have provided to us back to you or to a third party in a structured, commonly used, electronic form so that it can be easily transferred; and
9.1.7 Restriction: You can ask us to suspend the processing of your personal data, for example, if you want to establish its accuracy or where you have objected to our use of it.
9.2 In addition and in accordance with Data Protection Law, you have the right to complain about us to the UK Information Commissioner’s Office (https://ico.org.uk/) or the relevant authority in your country of work or residence.
9.3 Please note that some of these rights only apply in certain circumstances and we may not be able to fulfil every request. If this is the case, you will be notified of this at the time of your request. If you make a request, we may require specific information from you to help us confirm your identity. This ensures that personal data is not disclosed to anyone who does not have the right to receive it.
9.4 You may exercise your rights in 9.1 above by contacting us directly using the details set out in 2 above.
10.0 CHANGES TO THIS PRIVACY NOTICE
10.1 We may make changes to this Privacy Notice from time to time. We will post any changes to our site or notify you of any material changes by e-mail.
This Privacy Notice was updated on 05 October 2020.