Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
Our use of your personal data is subject to your instructions, the General Data Protect Regulations (GDPR) and all national implementing laws, regulations and secondary legislation (each as amended or updated from time to time) and our professional duty of confidentiality.
For the purposes of laws regarding data protection, the data controller is Hoffbrand Consulting Limited (“Hoffbrand Consulting”), a limited company registered in England and Wales with registered number 06831118 and registered office address at Harben House, Harben Parade, Finchley Road, London NW3 6LH.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2 Data Collection
We may collect the following:
- Contact information: your name, position, role, company or organisation, telephone (including mobile phone number where provided) as well as email and postal address;
- Business information: data identifying you in relation to projects on which you instruct us or in which you are involved;
- Information from public sources: for example, LinkedIn and similar professional networks, directories or internet publications;
- Attendance records: to record your attendance at our offices for security purposes;
- Subscriptions/preferences: when you subscribe to receive updates or newsletters as well as consent preferences to help us identify which materials you are interested in receiving;
- Events data: attendance at and provision of feedback forms in relation to our events or events at which we may be present;
- Supplier data: contact details and other information about you or your company or organisation where you provide services to Hoffbrand Consulting;
- Social media: posts, Likes, Tweets, Blogs and other interactions with our social media presence;
- Technical information: information how you accessed this website and our technology services being IP address, browser type and version (for example Microsoft Internet Explorer or Edge, Firefox, Google Chrome, Apple Safari etc.), time zone setting, browser plugin types and versions, operating system you are using (for example, Microsoft Vista/Windows XP or later, MacOS, etc.), device type, hardware model, MAC address, unique identifiers and mobile network information;
- Online data: when you access this website and our technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network as such as information about devices, nodes, configurations, connection speeds and network application performance; pages viewed or searched for, page response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouse-overs) and whether you click on particular links or open our emails.
Hoffbrand Consulting does not collect personal data about your online activities across third party websites or online services.
The above data will be provided to us by you, your employer, the company or organisation who is our client or screening providers who assist us with our legal obligations to conduct under anti-money laundering, sanctions screening and regulatory checks.
3 How we use your personal data
- Service provision: providing consultancy services including, extranets and other technology tools;
- Business relationship: managing and administering our relationship with you, your company or organisation including keeping records about business contacts, services and payments so we can customise our offering for you, develop our relationship and target our marketing and promotional campaigns;
- Communication: sending emails, newsletters and other messages to keep you informed od market insights and of our services;
- Events: running briefings, roundtables and other events;
- Client surveys and feedback: including events feedback and client listening exercises as well as answering issues and concerns which may arise;
- Website monitoring: to check the website and our other technology services are being used appropriately and to optimise their functionality;
- Site security: to provide security to our offices and other premises (normally collecting your name and contact details on entry to our buildings);
- Online security: protecting our information assets and technology platforms from unauthorised access or usage and to monitor for malware and other security threats;
- Regulatory: compliance with our legal and regulatory obligations including auditing and reporting requirements;
- Managing suppliers: who deliver services to us;
- Legitimate interest: to pursue the legitimate business interests listed in the “Legitimate Interests section of this policy below.
4 Our reasons for using your personal data
We will process your personal data for several reasons:
- where you have given us consent: for example, where you share details for particular purposes;
- where this is necessary to deal with legal claims
- where Legitimate Interests processing is necessary for our legitimate business interests or those of a third party: provided this does not override any interests or rights that you have as an individual. Our legitimate interests are listed in the next section.
5 Legitimate interests
We have legitimate business interests in:
- providing consultancy services;
- managing our business and relationship with you, your company or organisation;
- understanding and responding to enquiries and client feedback;
- understanding how our clients use our services and websites;
- identifying what our clients want and developing our relationship with you, your company or organisation;
- improving our services and offerings;
- enforcing our terms of engagement and website and other terms and conditions;
- ensuring our systems and premises are secure;
- developing relationships with business partners;
- ensuring debts are paid;
- operating suppressors to exclude you from direct marketing if you unsubscribe;
- sharing data in connection with acquisitions and transfers of our business.
6 Data Sharing
We may share your personal data with:
- professional advisers who we instruct on your behalf or refer you to, for example specialist technical firms;
- other third parties where necessary to carry out your instructions, for example existing or new service providers;
- our insurers and brokers;
- external auditors, for example in relation the audit of our accounts;
- our banks;
- external service suppliers, representatives and agents that we use to make our business more efficient, for example marketing agencies or telephone answering services.
- We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We will hold your information securely in line with physical, technical and administrative security measures however, the transmission of information via the internet is not completely secure. Although we will take reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted and any transmission is at your own risk.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator (including the Information Commissioner’s Office) of a suspected data security breach where we are legally required to do so.
8 Location of your personal data
Information may be held at our offices and in United Kingdom based cloud IT systems together with those of our third-party agencies, service providers, representatives and agents as described above.
9 Data Retention?
We will retain your data for no longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of data. Typical retention periods will range from 3 to 15 years.
10 Your Rights
You have the following rights, which you can exercise free of charge:
- Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it;
- Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected;
- Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims;
- Restriction: you are entitled to ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it;
- Transfer: you may us to help you request the transfer certain of your personal data to another party;
- Objection: where we are processing your personal data based on a legitimate interest (or those of a third party) and you may challenge this however, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;
- Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
- Consent: where we are processing personal data with consent, you can withdraw your consent.
If you want to exercise any of these rights, please contact us as set out below.
11 How to Complain
Our Data Compliance Officer as noted in paragraph 17 below will attempt to resolve any query or concern you may raise about our use of your information.
The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the United Kingdom is the Information Commissioner’s Office that may be contacted online at https://ico.org.uk/ or by telephone (0303 123 1113).
12 Direct Marketing
As described above, you can opt-out of receiving direct marketing from us at any time.
We may use the information you give us on our website or other means for direct marketing purposes to provide emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services including events that we think may interest you.
You can opt-out of receiving direct marketing from us at any time. You can do this by clicking on the “unsubscribe” link included at the end of any marketing email that we send to you, or by contacting the Data Processing Officer.
13 Links to third-party websites
Our website, email updates and other communications may, from time to time, contain links to and from the websites of others. The personal data that you provide through these websites is not subject to this privacy notice and the treatment of your personal data by such websites is not our responsibility.
If you follow a link to any other websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.
This website is not intended for children and we do not knowingly collect data relating to children.
15 Changes to this policy
This policy may be changed from time to time.
If we change anything important about this notice (the information we collect, how we use it or why) we will highlight those changes at the top of the notice.
16 Contact the Data Processing Officer
Please contact us by post, email or telephone if you have any questions about this privacy notice or the information we hold about you.
You can contact us by emailing us at paul(Replace this parenthesis with the @ sign)hoffbrand.consulting or writing to us at our registered office:
Hoffbrand Consulting Limited
London NW3 6LH
Or call us on +44 (0)20 3002 0883
Hoffbrand Consulting Limited is registered with the Information Commissioner’s Office, registration number A8332811.