Privacy and Cookies Policy

Who we are

This is the Privacy & Cookies Policy of the Hilton-Baird group of companies, which comprises:

Each company’s registered address is Fleming Court, Leigh Road, Eastleigh, Hampshire, SO50 9PD and additional contact details are available on our websites. Any Data Protection enquiries should be directed to dataprotection@hiltonbaird.co.uk. When we refer to “HBG”, “we”, “us” or “our” we are talking about all the Companies within the Hilton-Baird Group.

Your use of our website and our services indicates your agreement to the terms of use set out on our website, which you should consult.

We are committed to protecting any data that we collect concerning you and processing it only in ways which comply with the Data Protection Act 1998 (and any replacement legislation) (“the DPA”, for short) and the European Union’s General Data Protection Regulation (“the GDPR”).

This Privacy Policy (“Policy”) explains what personal data we collect about you, how we will tell you about the data we collect and what we do with it, and explains the legal basis on which we process your personal data under the GDPR.

Please contact us if you have any questions about this Policy or wish to exercise your legal rights under the GDPR.

By email to: dataprotection@hiltonbaird.co.uk

Or by post to:

Fleming Court
Leigh Road
Eastleigh
Hampshire
SO50 9PD

Contents

What Personal Data do we collect about you?

We may collect, use, store and transfer different kinds of Personal Data about you. The Personal Data we collect will depend on the relationship you have with HBG.

If you are:

An employee of HBG, someone working with us under a contract for services, or someone who applies for employment or work with us, we will provide you with specific privacy information and also ask for your consent to use Special Categories of Personal Data which we’re likely to obtain as a result of our working relationship. Although you should refer to any more specific privacy information we give you, we will also collect the following information on you:

A business contact, including persons who supply us with goods (including hiring things to us) or services and any contacts at a company or other organisation which does so we may collect the following types of data on you:

A client or potential client, being a company or other organisation who has approached us in order to instruct or potentially instruct our services:

A customer of our client, including persons who we have identified or been notified as customers for our client and any contacts at a company or other organisation which has similarly been identified we may collect the following types of data on you:

Under the GDPR, we’re required to ensure any personal data we hold is accurate and, where necessary, kept up to date, but also that we keep it no longer than is necessary for the purposes we use it for. We may also be required by law to retain certain types of data for a longer period

All telecommunications data is kept in line with the European Union’s Data Retention Directive, for a minimum period, after which time all archived data is purged and erased.

If you fail to provide Personal Data

Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested:

What we do with Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use, analyse and assess your personal data in the following circumstances:

In obtaining or storing information about you we may:

 

If you do not want your data to be used by us or selected third parties for marketing purposes, please ensure that you select the appropriate option on any of our online forms. You can also notify us at any time if you do not wish your data to be used in this way.

Our Legal Basis for Data Processing

HBG is a data controller working on its own behalf and on behalf of the group companies and their clients. We collect and process information based upon our Legitimate Interests, which is to promote and support the business of the group companies.

In line with ICO recommendations, HBG has conducted a Legitimate Interests Assessment. When processing your personal information, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your Personal Data for activities where our interests are overridden by the impact on you.

Additionally, we fully comply with the Corporate Telephone Protection Service (CTPS).

We collect Personal Data to obtain funding options, process your order, manage your account, assist with contractual support and, if we are legally permitted to do so, to email you about other products and services we think may be of interest to you.

We use our marketing automation provider, Salesfusion, to assign lead scores to our contacts based on a number of factors. These scores can be generated by reviewing the webpages visited, any action taken off the back of any email we have sent, or by matching any personal information that has been provided to us, for instance their job title. This allows us to contact or send more relevant information to visitors, based on this information. We have set out below, in a table format, a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so. Where the legal basis for our processing is our or another person’s legitimate interest, we explain what these are.

Note that we may process your Personal Data on more than one lawful basis depending on the specific purposes for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your Personal Data where more than one ground has been set out in the table below.

 

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you (or your employer or a person or entity to whom you provide services) as a new client, customer or potential funder.

(a) Identity data

(b) Contact data

(c) Financial data

(a) Performance of a contract with you

(b) Necessary for our legitimate interests in running our business

(c) Your consent

To fulfil our contractual obligations to you or your organisation or to enforce your or your organisation’s obligations to us, including to

(a) Process your order

(b) Assist with contractual support

(a) Identity data

(b) Contact data

(c) Financial data

(a) Performance of a contract with you

(b) Necessary for our legitimate interests in running our business in a prudent and profitable manner and for the benefit of our stakeholders

To share your data with our client or to a potential funder or customer.

(a) Identity data

(b) Contact data

(c) Financial data

(a) Performance of a contract with you

(b) Necessary for our legitimate interests in running our business

(c) Your consent

To manage your account:

(a) Notifying you about changes to our terms or Policy

(b) Contacting you about products or services we provide

(a) Identity data

(b) Contact data

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how our services are used and received)

(d) Your Consent

To administer and protect our business which may include:

a) Financial risk assessment, preventing money laundering, fraud or other wrongdoing;

b) Contacting credit reference agencies and making

credit related

decisions;

(a) Identity data

(b) Contact data

(c) Financial data

(a) Necessary for our legitimate interests

(b) Necessary to comply with a legal obligation

To administer a contract for services or contract of employment between us – we will provide you with further information about this when we collect information from you and during the course of our relationship)

(a) Identity data

(b) Contact data

(c) Financial data

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to administer the economic relationship between us)

(c) Necessary to comply with a legal obligation (related to your work or workplace or our obligations under the law in relation to these)

To share information with members of our Group about our suppliers, customers, and financial position from time to time

(a) Identity data

(b) Contact data

(c) Financial data

(a) Performance of a contract with you

b) Necessary for our legitimate interests (to administer the economic relationship between us and to promote the businesses of our Group)

To comply with legal and regulatory obligations, including the prevention of bribery and money laundering and financial reporting obligations

a) Identity data
(b) Contact data
(c) Financial data

(a) Necessary to comply with a legal obligation
b) Necessary for our legitimate interests (to ensure we comply with our regulatory and legal obligations and for the prudent conduct of our business)

 

Where is the Personal Data sourced?

We collect two types of information from site users and other people we contact in the course of our business: statistical data (e.g. how many users use the site, and which pages they view); and Personal Data.

The statistical data we capture includes your IP address as you browse the site. This is purely for website statistics, recording the number of users to the site and which pages they visit. This information does not tell us who you are, and we only use this to monitor the effectiveness of the site.

Personal data is obtained from a variety of sources, depending upon the agreement with our client.

In some instances, data will have been provided by our client. Additionally, we source or purchase data from GDPR compliant data providers and online resources in the public domain.

We may receive Personal Data about you from various third parties and public sources including directors, shareholders and employees at any business or organisation you are associated with public registers, credit reference agencies and public bodies or authorities.

We also obtain personal data through offline methods, either directly (for instance, over the telephone or when you consent to your data being passed to our client to access their goods or services) or indirectly (for instance, from your colleagues when they advise you’re the most appropriate contact).

Personal data is only captured online when you provide it, such as but not limited to when you fill in a contact form, subscribe to our email service, download a resource or enter a competition, for example.

We may also receive Personal Data about you from other members of our Group in connection with the business of the Group or any member of the Group.

Who is the Personal Data shared with?

We may share your Personal Data with the parties set out below for the purposes set out in the table above.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

Your email address will never be made available to another organisation for marketing purposes without your explicit consent. However, please note that under Article 6(1)(f) of GDPR, from 25 May 2018 we will have the right to contact you and pass your details to third parties where we have a genuine and legitimate reason to do so, unless this is outweighed by harm to your rights and interests. We also have the right to share your details in the event the sharing of such information is necessary for the performance of a contract with you

We will always maintain control over the confidentiality of your information. However, we can disclose your information to authorised parties if we are required to by law.

All personal data is stored and processed within the EU, with the exception of the following data processors we work with. Where this is the case, this data transfer is GDPR compliant.

Clickdesk

Personal data processed for us by Clickdesk companies located within the EU store personal data on servers within the European Economic Area, but some personal data may be processed by Clickdesk Corporation in the United States.  We have EU model contracts in place with Clickdesk and its group companies to ensure adequate protection for any personal data transferred to the US.  

Clickdesk Corporation is also in the process of becoming certified under the EU-U.S. Privacy Shield Framework.  This framework is considered by the European Commission to provide adequate protection for the rights of EU citizens in personal data.

Salesfusion

Personal data processed for us by Salesfusion is hosted in Europe using Amazon Web Services data centres in Ireland.  As Salesfusion is an American company, it also participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.  This framework is considered by the European Commission to provide adequate protection for the rights of EU citizens in personal data.

Google

Personal data processed for us by Google may be stored and processed in the United States of America and any other country in which Google or its contractors maintain facilities.  Google LLC (the parent company of the Google group) is self-certified under the EU-U.S. Privacy Shield Framework on behalf of itself and its wholly-owned U.S. subsidiaries and will process your data subject to it.

This framework is considered by the European Commission to provide adequate protection for the rights of EU citizens in personal data.

Optinmonster

Personal data processed for us by Optinmonster under a written data processing agreement and in accordance with Article 46 of the GDPR.

Accuracy of Data

Core to our service is ensuring the data we are working with is up to date and accurate. We may do this ourselves or may engage a third-party service provider to do so. Third party service providers may compare your data to publicly available information or to information they lawfully hold or obtain about you and may analyse or provide this data to us to help us in the conduct of our business. We will ensure that any service provider only processes your information in a way that complies with the law.

However, if you believe that the data we hold for you is incorrect, please contact us at dataprotection@hiltonbaird.co.uk.

Your Legal Rights

Data Protection Law gives you certain rights in relation to your Personal Data held by us. The summaries of your rights set out below are merely that, and are not intended to give you other or additional rights. You have the right to:

1. Access to Information

Under the DPA and GDPR, you have a right of access to information we hold on our records about you. Please note that the DPA allows us to charge a fee for this service. Please contact us at dataprotection@hiltonbaird.co.uk to request access.

2. Right to Object

You have the right to object to any processing we undertake where we are relying on our legitimate interests (or those of a third party) as the legal basis for our use of your data, on grounds related to your own personal situation.

Likewise, you have a right to tell us not to process your personal data for direct marketing purposes. We will give you the option to refuse marketing when we collect your details. You can also exercise this right at any time by contacting us at unsubscribe@hiltonbaird.co.uk, or by unsubscribing from any marketing email which we send to you.

You may opt-out at any time using any of the following methods:

3. Right to Erasure

You have the right to have your personal data erased:

4. Right to Request Restriction

You have the right to request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

5. Right to Data Portability

You have the right to request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format.

Note that this right only applies:

Should you wish to make a complaint over our use of your personal data at any time, you can do so by contacting the Information Commissioner’s Office (ICO). The ICO is the UK’s supervisory authority for data protection issues (www.ico.org.uk).

If you do have a problem, question or concern about our use of your Personal Data, we would really appreciate the chance to try to help you before you approach the ICO, so please feel free to contact us in the first instance at dataprotection@hiltonbaird.co.uk.

Data Security

We take appropriate technical and organisational security measures to ensure any information you provide to us is stored securely and confidentially and is not processed except in accordance with the GDPR and the DPA. However, we cannot guarantee the security of any information disclosed online, including the possibility that another person or organisation may monitor, intercept or obtain your information other than from us. By using our website, you accept the security implications of providing information over the internet and agree not to hold us responsible for any harm arising from those risks, unless we have been proved to be negligent.

Cookies

To assist your navigation of this website, make full use of the tools and aid our prevention of fraud, we may send ‘cookies’ from this website to your computer, mobile phone or tablet. However, we do not collect any personal data or personal information about you unless you provide information to our server.

Our Cookie Policy

For the best browsing experience when using our website and to ensure that we can continue to adapt the site to our visitors’ interests and expectations, your computer, mobile phone or tablet will need to accept cookies.

Below is a list of the main cookies we use on our site and what they are used for:

bid, BNI__BARRACUDA_LB_COOKIE, BNI_BARRACUDA_LB_COOKIE, Recipient, ASP.NET_SessionId, PHPSESSID

Description: These are used when you have visited our website from an email marketing campaign via one of our providers, Salesfusion. These allow us to link individuals already known to us and opted in to our communication to website activity.

CRMC, CC, CC2, PostID, gator_td

Description: These are used when you have visited our website from one of our email marketing campaigns via our provider, CommuniGator. These allow us to link individuals already known to us and opted in to our communication to website activity.

_oktrk

Description: This is used when you have visited our website from our social media posts via our provider, Oktopost. These allow individuals already known to us and opted in to our communication to website activity.

OriginalReferralURL, OriginalTargetURL, RecentReferralURL, RecentTargetURL

Description: These cookies show us how you found our website, which website you came from and which of our webpages you visited first. This helps us to review which of our online marketing channels is most effective. They also enable us to reward some external websites for directing you to us.

om-second-297444, om-297444, om-global-cookie, om-interaction-cookie

Description: This allows us to serve a subscribe pop-up to our regular blog visitors and also prevent it from being shown if you come from one of our newsletters.

ASP.NET_SessionId, PHPSESSID

Description: This cookie allows some of the features on our website to function correctly, such as our quote and solutions engine tools. The website and these features wouldn’t work without it.

__utma, __utmb, __utmc, __utmz, _gat, utm_campaign, utm_content, utm_medium, utm_source, utm_term

Description: These cookies enable the function of Google Analytics software. This software helps us to collect and analyse visitor information such as browser usage, new visitor numbers, responses to marketing activity and other general website trends.

This information helps us to improve the website and to make our marketing campaigns more relevant. The data stored by these cookies can only be seen by the team at Hilton-Baird Group and Google, and never shows any confidential information.

Additional information: Our website uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses cookies to help us to analyse how users use the site.

The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout

For more information, visit https://www.google.com/intl/en/privacy/privacy-policy.html

wow.anonymousId, wow.session, ASP.Net_SessionId, PHPSESSID

Description: These cookies enable the function of WOW Analytics software. This software helps us to collect and analyse visitor information such as browser usage, new visitor numbers, responses to marketing activity and other general website trends.

This information helps us to improve the website and to make our marketing campaigns more

relevant. The data stored by these cookies can only be seen by the team at Hilton-Baird Group and WOW Analytics, and never shows any confidential information.

X-LI-IDC, __qca, bcookie, X-LI-IDC, visit, NSC_MC_WT_FU_IUUQ)

Description: LinkedIn cookies are introduced by the LinkedIn share button. This is only present on our blog pages. They are used to track which pages you visit.

Additional information: For more information, visit https://www.linkedin.com/static?key=privacy_policy

pid, _twitter_sess, k, guest_id and original_referer

Description: This enables the Tweet button on our blog pages, which allows you to easily compose a Twitter message containing a link to the page. The cookies store anonymous session data and, if your computer is already logged in to Twitter, may contain session or other data identifying the logged in account.

Additional information: For more information, visit https://twitter.com/privacy

khcookie, NID, SNID and PREF

Description: We may use Google Maps on our website to provide detailed information on how to locate our facilities. We would use Google’s interactive maps because we believe they provide a helpful way for our visitors to identify how best to travel to us, and on the basis that Google adheres to its privacy policy.

Additional information: For more information, visit https://www.google.co.uk/intl/en-GB/policies/. For terms of service for Google Maps, visit https://www.google.com/intl/en_uk/help/terms_maps.html

ClickDesk

Description: We may use ClickDesk on our website to provide live chat functionality to our clients. We would use ClickDesk’s service because we believe they provide a helpful way for our visitors to interact with us, and on the basis that ClickDesk adheres to its privacy policy.

Additional information: ClickDesk uses cookies to make their service easier to access. They save your details, to avoid the need to enter the same information every time you need to access your account. They use an encrypted cookie to store the time you signed in, your unique ID, which eliminates the need to sign in when you access a different page, within your account. It also helps them remember your preferences and present to you, the same personalized settings every time you use the service. The information collected by cookies does not allow identifying you personally. It collects general information pertaining to your IP address, operating system, browser details and your location.

Updates to this Policy

We reserve the right to update our Privacy & Cookies Policy at any time. We will take reasonable steps to draw your attention to any changes in our Policy. However, to be on the safe side, we suggest that you read this document each time you use the website to ensure that it still meets with your approval. Should you disagree with any changes made, you may withdraw your consent at any time using the methods outlined above.

Registered address: Fleming Court, Leigh Road, Eastleigh, Hampshire, SO50 9PD.