Last Updated: 16th June 2022
We respect your privacy and understand that privacy is important to you and that you care about how information about you is used, so this privacy notice sets out details about what data we collect and how we use it.
Visitors to our website
Where we collect personal data via this website (https://hantec.co.uk/) we will be upfront about it and it will be obvious to you that you’re providing personal data and how we will be using it.
The website hosting platform we use, provides website statistics. We only have access to aggregated data showing us which pages have received visits, where the website visitor originated from (referrers), where in the world the visitor is from, etc. We have no access to any data relating to individuals so are not able to individually track website visitors or their behaviours. The website platform provider maintains a log of visitor IP addresses (and platform associated usernames (if available)) to enable the stats feature to function – they keep this information for up to 28 days.
Other cookies used, tracking pixels or similar tools
If you fill out one of our website forms a notification email is sent to the relevant team within our company and stored within our email system. No copy of the data you submit is stored anywhere else. As our site uses SSL (https) the data you submit using the contact form will be encrypted once your press the “Submit” button.
Some of our forms may also store the information you submit within the website database. We tend to avoid this happening where possible, so will only store the information if it is necessary.
People who receive our newsletters
If you have subscribed for our updates email, your name and email address will be stored within our mailing list package. You will have the option to unsubscribe from the email list at any time, either by contacting us or using the unsubscribe link at the bottom of the emails we send.
People who use one of our services
Signing up for our services
Whether you sign up for our helpline, access to our online resources or receive pay-as-you-go support or services, the minimal amount of information will be collected from you for the purposes of providing the service. We will store your contact information in our CRM system and our accounting package for invoicing purposes. We will keep this information within our systems for as long as it is lawful for us to do so and will delete your data as soon as it is no longer needed. If these online systems store our data outside the EU, we will always make sure they are GDPR compliant and have confirmed how they meet the GDPR requirements with regards to non-EEA data transfers.
If you sign up for our Toolkit service, this is a subscription based services which will mean that we will ask you to pay monthly or annually using one of our payment providers. We do not collect any payment information ourselves and you should visit our payment provider’s own privacy policies to understand how they will use your data.
If you receive advice via our helpline or advice services then we may record a transcript of our advice in both our email (if support is given via email, or telephone support is followed up by email) and/or in our CRM (as notes associated with your contact details). If you provide us with confidential materials or personal data (for the purposes of us providing you with advice) we will, where possible, avoid recording this in our CRM system, but may keep a copy of the information within our email system. We keep these records of our support conversations for future reference and for the purposes of being able to demonstrate, if required, the advice we gave.
Purchases of specific content
From time to time we will also offer downloadable content and services for purchase from our website. If you purchase such a product or service, you will be asked to set up an account and you will be asked to provide a range of minimal information required for us to set up the account so you can complete your purchase.
All information you provide is required for the purposes of delivering the product or service to you. The information is stored within our website database which is managed within the website backend.
We use a third-party to collect payments. We do not hold any billing or financial information relating to your purchase, only notification that a payment has been made. Any information you provide to our payment gateway provider is provided by you according to their own privacy and data protection compliance.
Purchases of our security screening services
We collect personal data for the purpose of carrying out background screening services on behalf of our clients. Processing of data from our clients will be to fulfil our contractual obligations and processing of data received from applicants will be as a result of the consent we have obtained from them.
What Personal Information do we collect?
From our Clients:
Company information – Name, address and contact details; legal ownership and registration details; trading address
Contact information – Contact name, job title, business address, business phone number/mobile number/email address
User information – Contact name, job title, business phone number/mobile number/email address
Personal details including name and contact details. We will also ask about previous experience, education, referees and for answers to questions relevant to the role they have applied for or are already carrying out.
Who will we share your Personal Information with and why?
We will only share your personal data with a third party if we have your consent to do so, if it is necessary to fulfil contractual obligations to you, or if we are obliged to do so by law (e.g. Police investigation).
Below are the data processors we use during the screening process:
Reference checks are processed via E-Sign. Here is a link to their Privacy Notice: https://www.e-sign.co.uk/privacy/
Disclosure and Barring Service
Criminal Record Disclosure applications are processed by the Disclosure and Barring Service and they will hold the information you submit and we will have access to it. Here is a link to their Privacy Notice: https://www.gov.uk/government/organisations/disclosure-and-barring-service/about/personal-information-charter
These checks are conducted by Care Check. Here is a link to their Privacy Notice: https://www.carecheck.co.uk/about/policies/privacy-policy/
Consumer information and sanctions reports
Consumer information and sanctions applications are processed by the CYS Online and they will hold the information you submit and we will have access to it. Here is a link to their Privacy Notice: https://www.cysonline.co.uk/ProductImages/CYSO-GDPRPrivacyPolicy.pdf
People who contact us by email
If you email us, your email will be stored via our email provider’s platform and are accessible on our computers via our email client which uses a local copy of the emails (as well as them being available via a web application). Access to them is protected via device and email-service passwords.
Our use of social media
We run a number of social media channels, but do not collect or process any information outside of those channels.
Our use of Teams and Zoom
From time to time you might join us on a Teams/Zoom call. We use third-party software when we do this.
When you register to access a Teams/Zoom call, we will collect the basic information about you necessary, typically this will be your name and email address. We will only use this information to follow up after the call.
As a host of these calls we may also be provided with a range of additional information which is usually aggregated (so not personal), such as viewing statistics and interest ratings. Whilst we may use this data out of interest, we do not process it for any other purpose.
Use of these services are subject to their own terms and conditions, privacy notices and cookie notices and you should read these carefully before agreeing to join a call/webinar or install their software on your device:
Unless stated elsewhere in this document or in our terms of services we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).
Third party processors
We use a number of third-party cloud-based services for the purposes of effectively running our business and providing our services to you. We also use a number of third-party organisations to support our business.
In all cases where we are using a third-party service or company, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements.
We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply.
Under current data protection legislation in the UK, you have rights as an individual which you can exercise in relation to the data we store and process about you. You can find more information about your rights on the Information Commissioner’s website: https://ico.org.uk/for-the-public/
If you want to make a compliant about the way we are processing your data, you can contact us, using the contact details below. You also have the right to complain to the Information Commissioner’s Office: https://ico.org.uk/concerns/
How to withdraw consent and object to processing
Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. If you wish to stop receiving our marketing emails you can do so, by clicking on the “unsubscribe” link at the bottom or the email. Otherwise, you can contact us, using the contact details below.
If you wish to raise concerns about the way we are processing your data or would like to raise an objection, then please contact us, using the details below, with your concerns.
Keeping your data up to date
It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details but if you wish to update any information we hold about you, please contact us using the contact details below.
Erasure of your data (the “right to be forgotten”)
Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems. If you wish to exercise your right to be forgotten, please contact us via the contact details below.
Your right to portability allows you to request a machine-readable format of the data you supplied to us and associated service logs (where we store them). Please contact us, using the contact details below, if you wish to receive a CSV export of your data.
Access to your data
You have the right to ask us about what data we hold about you, how we process it and provide you with a copy of the information, free of charge and within one month of your request.
To make a request for any personal information we hold and process about you, we would prefer it if you could put it in writing or in an email to the addresses below. We will need to verify your identity before providing the information and where necessary may contact you further to ensure we understand what data you are requesting.
Disclosure of information
We do not share any personal data with any third parties unless it is lawful for us to do so, if required by law to do so or if you provide us with permission to do so.
For more information about your data rights and privacy or data protection in general visit the Information Commissioner’s Office website: https://ico.org.uk
Our contact details and details of our DPO
If you have any questions about how we collect and use your information not covered in this privacy notice, or if you wish to speak to someone about our approach to data protection and privacy, please contact: Paul Wallis via [email protected]
We are not mandated to have a DPO, but as Paul Wallis acts as an outsourced DPO, he has the DPO skills, so acts as our internal DPO.
Changes to our privacy notice
We may change or update elements of this privacy notice from time to time or as required by law. The most current version of our privacy notice is available on our website at https://hantec.co.uk/privacy-policy
How to contact us