Privacy notice for business contacts
This Privacy Notice describes how we collect and process the personal data you may provide us when you interact with us through our websites, or by any other means. It also explains how we’ll store and handle that data, and keep it safe.
Privacy notice for business contacts
Howbery Park Estates is a division of HR Wallingford Limited a company registered in England under number 02562099. Our registered office is at Howbery Park, Wallingford, Oxfordshire OX10 8BA, United Kingdom. For simplicity, throughout this Notice, “we”, “us”, “our” refers to HR Wallingford Limited, our parent company, our subsidiary companies and affiliates. We are committed to respecting your privacy and recognise your need for appropriate protection and management of any personal data you share with us. We keep our Privacy Notice under regular review and we will publish updates on this web page. This Privacy Notice was last updated 21 May 2018.
How to contact us
If you have any questions regarding your personal data and how we may use it, including any queries relating to this Notice, please contact [email protected].
Terminology
From 25 May 2018, our data processing activities will be governed by the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”). For the purpose of the GDPR, we are the ‘Data Controller’ of all personal data obtained by us as set out in this Notice, because we ultimately determine how your personal data will be handled by us. We are also usually the Data Processor as we will usually process all your data ourselves. Sometimes we may sub-contract some of the data processing and in this case our sub-contractors, who would be our ‘Data Processors’. ‘Personal data’ is any information that can be used to identify you, including your name, e-mail address, IP address, or any other data that could reveal your physical, physiological, generic, mental, economic, cultural or social identity. If we handle your personal data then you are a “Data Subject”. This means you have certain rights under the GDPR in relation to how your personal data is processed, which are set out in this Notice.
How do we collect your personal data?
We may obtain personal data from you in a variety of ways, including when you:
- make direct contact with us by any means, for example by email, telephone or when you provide us with your business card;
- visit our website, for example when you complete an online form, create a user account; or subscribe to receive newsletters or email updates from us;
- apply for a job with us – this is covered by a separate Privacy Notice for Job Applicants;
- engage with us on social media;
- attend an event or meeting we host;
- choose to complete any surveys we send to you;
- visit our offices which usually have CCTV security systems (which may record your image).
We may also collect personal data while we are establishing a business relationship or providing our services or products through a contractual arrangement. In addition, we may collect personal data indirectly from public sources, for example news articles or internet searches, and from our clients and partners.
What categories of personal data do we collect?
We may collect the following categories of personal data, either through direct interactions, or from information provided by our clients and partners:
- Your contact details, for example, your name, job title, company name, work address, telephone numbers, and email address.
- Your professional details, for example, business interests, qualifications, professional memberships and affiliations, published articles.
- Your image, for example, from CCTV footage or from photographs taken on our premises or during events that we host.
- Your Twitter account and LinkedIn profile details;
- Your internet protocol (IP) address or other online identifiers;
- Your vehicle registration number;
- Location-based data;
- Your attendance at events and any dietary requirements you may have;
- Your comments/questions.
Why do we need your personal data?
We aim to be clear about the personal data we collect and tell you why we need it. This might typically include:
- Promoting our services, products and capabilities to existing and potential clients;
- Processing and responding to communications from individuals or requests for proposals and quotations;
- Sending invitations and providing access to events;
- Administering, maintaining and ensuring the security of our information systems, applications and websites;
- Authenticating access to user accounts or restricted areas of our websites;
- Identifying qualified candidates for our job vacancies (governed by our Privacy Notice for Job Applicants);
- Contacting journalists about our press releases, press events or to highlight messages that may be of interest.
How do we process your personal data?
We will only process your personal data where we have a legal basis for doing so, as outlined in this Notice, or as we explain to you at the time we collect it. Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law. Your personal data may be shared with third parties, including (but not limited to) the following:
- any member of our team;
- third parties where we are under a duty to disclose your personal data to comply with any legal obligation, or to appropriate regulators or other law enforcement organisations;
We are committed to protecting your personal data from loss, misuse, disclosure, alteration, unauthorised access and destruction and to keeping your data secure. We take all reasonable precautions to safeguard the confidentiality of your personal data. We have strict procedures and security features to prevent unauthorised access of your personal data.
What legal bases do we use to process your personal data?
There are four main legal bases that we rely on when it comes to processing your personal data. These are:
- Legitimate interest. We may need to process your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will use your email address to provide information you have asked us to supply, or send you information about updates to or similar services.
- Contractual obligations. If we are in a contract with you (or about to enter into a contract with you and you have requested certain pre-contract details) we may need to process your data to comply with our contractual or pre contractual obligations. For example, we might need to use your e-mail address to communicate with you, or pass your address details to a supplier in order for them to deliver something to you.
- Consent. In specific situations, we collect and process your data with your consent. We will usually ask you to tick a box (or similar) to confirm that you have provided your consent. For example, unless we have a legitimate interest to contact you to market our services, we will obtain your consent to receive marketing updates from us.
- Legal obligation. If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement agencies.
What if you don’t supply your personal data?
You are under no obligation to supply your personal data to us. If you chose to have a relationship with us, such as a contractual or other business relationship or partnership, we will naturally continue to contact you in connection with that business relationship, in accordance with this Notice and any additional contractual terms agreed with you.
How do you access and update your data?
Where we collect personal data from you, we want to provide a way for you to contact us should you need to update or correct that information. You can send updates and corrections about your personal data to [email protected] and we will incorporate the changes to the personal data that we hold and do so as soon as practicable.
How long do we retain your personal data?
Different personal data is collected for a variety of reasons, so we cannot definitively set out how long we will retain all personal data in this Notice. We will retain your personal data on our systems only for as long as we need it, given the purposes for which it was collected, or as required to do so by law. We keep contact information (such as mailing lists) until a user unsubscribes or asks us to delete their information. If you choose to unsubscribe from a mailing list, we may keep certain information about you so that we can honour your request.
Website visitors
By using our website or providing us with personal information, you are agreeing to this Notice. You can browse our website without telling us who you are. If you want to contact Howbery Park without sharing your personal information, please contact us by post or by telephone We may use the personal information you give us via our website and contact you for marketing purposes by email, where it is in our legitimate interests or if you have specifically provided your consent for us to do so. We will never share your details with other organisations outside of our Group to use for their own purposes, including marketing purposes. Should you wish to change your communication preferences, you can do this at any time by emailing [email protected].
Cookies
Cookies are small text files that are placed on the user’s device (computer or mobile phone) by websites that they visit. We may use ‘cookies’ to identify visits to our websites and track information on how visitors use a site.
WordPress 3.0+ wordpress_[hash]
On login, wordpress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the admin console area, /wp-admin/
wordpress_logged_in_[hash]
After login, wordpress sets the wordpressloggedin_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use.
wp-settings-{time}-[UID]
WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. Non-Version-Specific Data The actual cookies contain hashed data, so you don’t have to worry about someone gleaning your username and password by reading the cookie data. A hash is the result of a specific mathematical formula applied to some input data (in this case your user name and password, respectively). It’s quite hard to reverse a hash (bordering on practical infeasibility with today’s computers). This means it is very difficult to take a hash and “unhash” it to find the original input data.
Cloudflare __cfduid
The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.
Google Analytics _ga
Used to distinguish users.
_gid
Used to distinguish users.
_gat
Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id> .
AMP_TOKEN
Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
_gac_<property-id>
Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out.
Payment card information
If you use your credit or debit card to make a payment, for example, hospitality, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. Online payments on our websites are carried out using a ‘payment gateway’, which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us. Your payment card information is handled by the bank and not processed or held by us. We use WorldPay as our payment gateway. Payments made by telephone will be processed by staff authorised and trained to see your card details and process payments. All card details and validation codes are securely destroyed once your payment has been processed. If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this.
Automated decision making
We don’t make decisions based solely on automated decision-making.
Your rights
As a Data Subject, you have the following rights in relation to your personal data:
- The right to be informed. You can ask us to tell you what personal data we are processing and why we are processing.
- The right of access. You have the right to be provided with copies of the personal data of you that we are processing as well as confirmation of the processing we are doing.
- The right to change incorrect or incomplete data. If you think the personal data that we hold on you is inaccurate or incomplete you can tell us and we will fix it.
- The right to erasure. If you want us to permanently delete the personal data we hold for you then you can ask us to do so.
- The right to restrict processing. If you do not like how we are using your personal data where we are relying on using it for our legitimate interests, then you can let us know and we will stop processing it in that way.
- The right to data portability. If you want us to pass on your personal data to someone else then please let us know. This transfer should not affect the integrity or otherwise damage your personal data.
- The right to withdraw your consent. If we have relied on your consent to process your personal data, you can withdraw this at any time by contacting us.
If you would like to exercise any of these rights, please contact [email protected]. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds. You may contact the UK Information Commissioner’s Office at ico.org.uk to report concerns you may have about our data handling practices.
Comments are closed.