Hen Harrier Action (HHA) is committed to a policy of protecting the rights and privacy of individuals in accordance with the General Data Protection Regulation (GDPR) 2016. To comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed to any third party unlawfully.
This policy applies to HHA and everyone working with or for HHA.
Lawful Basis of Processing Data
The lawful basis of processing of data will always be determined prior to any data being processed. The laws for processing personal data under the GDPR are as follows:
- Consent – the individual has given their consent to the processing of their personal data – eg you have ticked a box when signing up to a newsletter.
- Contractual – processing of personal data is necessary for the performance of a contract to which the individual is a party – i.e. you have purchased a product from HHA and we need your details to contact you about this product.
- Legal Obligation – processing of personal data is necessary for compliance with a legal obligation to which we are subject.
- Legitimate Interests – processing of personal data is necessary under the Legitimate Interests of HHA, unless these interests are overridden by the individual’s interest or fundamental rights – eg HHA will use the history of your engagement with us to send you information about new things we are doing.
- Public Task – processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- Vital Interests – processing of personal data is necessary to protect the vital interests of the individual or another individual.
GDPR Principles
The following principles are complied with when processing personal data:
- Data is processed fairly and lawfully
- Data is processed only for specified and lawful purposes
- Processed data is adequate, relevant and not excessive
- Processed data is accurate and, where necessary, kept up to date
- Data is not kept longer than necessary
- Data is processed in accordance with an individual’s consent and rights
- Data is kept secure
- Data is not transferred to countries outside of the European Economic Area (EEA) without adequate protection.
HHA processes personal data under one, or more, of the following Lawful Bases:
- Consent
- Contractual
- Legal Obligation
- Legitimate Interest
Type of Personal Data Being Processed
The type of personal data being processed may include:
- Name
- Address
- Email Address
- Telephone Number
- Demographic information such as postcode
- Ethnicity
How Personal Data is Collected
Personal data is obtained from one or more of the following:
- Visits and use of the HHA website
- Use of HHA social media
- Use of Google Analytics
- Attendees of HHA projects
- Subscribers to HHA newsletters
- Parties entering into agreements with HHA
- Requests for information about products and services offered by HHA
Why Personal Data is Collected
Personal data is collected to provide legitimate business services which include:
- For marketing purposes
- For us to review and reply to your enquiry
- To provide an opinion for a service you have requested
- To meet our statutory monitoring and reporting responsibilities
- To handle and communicate orders, billings and payment, delivery of products and services
- To improve HHA services and product offering
How Personal Data is Used
Personal data may be used to:
- Process orders, process a request for further information, to maintain records and to provide pre and after-sales service
- Carry out our obligations arising from any contracts entered into by you and us
- Comply with legal requirements
- We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use our site and issuing our emails for us
- Seek your views or comments on the services we provide
- Notify you of changes to our services
- Send you communications which you have requested and that may be of interest to you. These may include information about newsletters, events and campaigns
- To inform you of various promotions, goods and services that may be of interest to you.
- Create a profile of your interests and preferences so that we can contact you with information relevant to you.
Where Personal Data is Stored
Information collected is stored on HHA’s website server.
By submitting your data, you consent to the transfer, storage and/or processing of your data wherever it be stored. However, if your data is transferred outside the EEA, steps will be taken to ensure appropriate security measures are in place to ensure your privacy rights continue to be protected as outlined in this Policy.
How long Personal Data is Stored
We review our retention periods for personal data on a regular basis. We will hold personal data on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Who has Access to Personal Data
Only HHA people are granted access to customer information. This is ensured by the use of strict operational processes and procedures.
We will not give your information to any third party.
Individuals’ Rights
-
Different rules apply depending on the type of Lawful Processing being undertaken. Many of the following individuals’ rights apply, however, whatever the basis of processing:
- The right to be informed how personal data is processed
- The right of access to their personal data
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
The accuracy of personal data is imperative. We aim to keep it updated at all times. The personal data we hold on you is available upon request by contacting us via the website contact form.
You can unsubscribe at any time by clicking on the “Unsubscribe” link at the bottom of any HHA newsletter.