HELLENIC SYSTEMS LTD PRIVACY NOTICE
With effect from 25 May 2018, the General Data Protection Regulation (known as the “GDPR”) governs how organisations handle personal data, whilst it also expands the rights of individuals to control how their personal data is collected and processed.
Hellenic Systems Ltd (referred to in this Privacy Notice as “we” or “us”) is a data controller under the provisions of the GDPR. We are committed to ensuring compliance with our GDPR Data Protection obligations. Please read the contents of this Privacy Notice carefully, to ensure you understand how and why your personal data is collected, and how this is used by us. In the event you have any queries concerning any aspect of this Privacy Notice, please contact Pauline Carter by email firstname.lastname@example.org or by telephoning 01245 325753
Personal data is data which can be used to identify you, whether by itself or when combined with other data available to us. From the time you first make contact with us we will begin to collect your personal data, and this will continue throughout the time we have a legitimate reason to do so. The exact information we will request from you will depend on the work you have asked us to undertake on your behalf, or what we are contracted to do for you. Most of your personal data will be collected from you directly, however there may be occasions when information is collected indirectly. The personal data that we collect and use may include the following:-
(i) Name, work address.
(ii) Contact details, to include email address, work and mobile telephone numbers.
We will always keep requests for information to the minimum level that is required to carry out your work.
Sources of Information
The personal data that we collect about you may be drawn from a number of sources which include, but are not limited to, the following:-
(i) You may provide the information to us directly, whether verbally, in writing (e.g. by letter, email or fax) or through our website. All data that you disclose should be complete, accurate and up to date and, in the event you provide personal data regarding a third party, you must ensure you have the authority to do so.
(ii) We may receive information from third parties, to enable us to undertake the work that you have instructed us to do.
(iii) Information may be collected about you through our website. For more information, please see our Website Policy.
Use of your Personal Data – the Legal Basis and Purposes
Personal data that we hold in relation to you must be processed by us fairly and lawfully. In accordance with our legal obligation, we are registered with the Information Commissioner’s Office as a data controller and our reference is Z746878X.
The primary reason we will collect and process your data is to enable us to perform and fulfil our contract with you as a representative of your employer or as an individual.
Your personal data will be processed as necessary for our own legitimate interests or those of other persons and organisations. These include but are not limited to the following:-
(i) For good governance, accounting, managing and auditing our business operations.
(ii) For market research, analysis and developing statistics.
(iii) To send you marketing communications from other departments within our firm.
(iv) Maintaining network and data security.
Your personal data will be processed as necessary, to comply with legal obligations that we have. These include but are not limited to:-
(i) When you exercise your rights under data protection law and make a Subject Access Request.
(ii) For compliance with legal and regulatory requirements and related disclosures.
(iv) For activities relating to the prevention, detection and investigation of crime.
There will be occasions when the purpose for which we process your personal data will require your specific consent, for example when you request us to disclose your personal data to other people or organisations. In these circumstances, we will contact you to ask for your specific consent to process your data. If consent is granted, you will be free at any time to change your mind and withdraw your consent. You must however be aware that the consequence of failing to give consent or withdrawing your consent, may be that we cannot undertake a specific task for you.
Sharing of your Personal Data
During the conduct of your case or transaction, we may need to disclose some information to third parties outside of this firm. However, these disclosures will only be made when they are necessary to enable us to fulfil our contract with you, or for some other lawful purpose as identified in the GDPR.
Please be assured that we do not sell or otherwise make your personal information commercially available to any third parties.
Your personal data will be held on our computer system and/or in paper files, and will be retained in accordance with our Data Retention Policy. Our Data Retention Policy categorises all of the information held by us and specifies the appropriate retention period of each category of data. The retention periods are based on the requirements of applicable data protection laws, and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action and good practice.
How we protect your personal information
We use a variety of technical and organisational measures to help protect your personal information from unauthorised access, misuse, disclosure, alteration or unintentional destruction consistent with applicable data protection laws. Our staff have been fully trained and are familiar with the provisions of the GDPR, and they understand the importance of confidentiality and the need to protect your personal data. We take reasonable steps to ensure your personal data is kept up to date where necessary, and we have a procedure in place to ensure ongoing monitoring is undertaken in relation to our data protection obligations.
Visitors to our Website
To help us improve our website, we use Google Analytics, which is a web based analytics tool that tracks and reports on the manner in which the website is used. Information is collected through cookies, which are small text files that are downloaded to your device by websites you visit. The information that the cookies collect is aggregated and anonymous. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If you believe that any information we hold about you is incorrect or incomplete, or if your details have changed since you first provided them to us, please let us know as soon as possible so that we can update our records.
Your Rights Regarding Your Personal Data
The GDPR and other applicable data protection laws provide certain rights for you. Specifically, GDPR provides the following:-
(i) You have the right to be informed about our processing of your personal data.
(ii) You have the right to object to the processing of your personal data.
(iii) You have the right to restrict the processing of your personal data.
If you object to or seek to restrict the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, your objection, restriction or withdrawal of any previously given consent could mean that we are unable to perform the actions necessary to achieve the purpose for which we are instructed, or that you may not be able to make use of the services offered by us. Please note that even after you have chosen to withdraw or restrict your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights, or meeting our legal and regulatory obligations.
(iv) You have the right to have your personal data erased (known as “the right to be forgotten”).
(v) You have the right to request access to your personal data and information about how we process it (known as a “Subject Access Request.”)
A Subject Access Request entitles you to a copy of the personal data that we hold on you and will include records of your name, address, contact details, etc. However, a Subject Access Request does not mean that you will necessarily be provided with a copy of your file, as the focus of the documents or correspondence contained within your file is likely to be the transaction or legal matter, rather than your personal information. In the event you wish to make a Subject Access Request, please contact Mrs Pauline Carter in writing or by email.
(vi) You have the right to move, copy or transfer your personal data (known as “Data Portability”).
(vii) You have rights in relation to automated decision making including profiling. However, please note that we do not use your personal data for automated decision making.
Complaints about the Use of Your Personal Data
In the event you have any complaint or concern in relation to the processing of your personal data, please contact Mrs Pauline Carter, who will provide you with a response. If you are not satisfied with the response, you have the right to complain to Information Commissioner’s Office (www.ico.org.uk)
Changes to our Privacy Notice
We may update this Privacy Notice from time to time, but our current Privacy Notice will always be available on our Website, www.hellenic.co.uk. Changes to the Privacy Notice are effective when they are posted on our Website.
You are advised to review the Privacy Notice periodically for any changes. If, however, we make any material changes to our Privacy Notice, we will notify you either through an email address you have provided to us, or by placing a prominent notice on our Website.
This Privacy Notice shall be governed and construed in accordance with the laws of England and Wales.
If you have any questions about this Website Policy and/or our Privacy Notice, please contact us