1. About us

1. About us

HFL Consulting is committed to upholding your privacy as a valued client, prospective client or user of this website. The personal information about you that we collect, process or use (‘personal data’) is held securely and treated in accordance with this Policy. Whenever you give us personal data, you are consenting to collection and use as explained at the time of collection and in this Policy.

We operate an integrated communications programme which means we use your personal data to communicate with you through several different channels, including direct mail and email. Our aim is to keep you up-to-date with the latest news, our services, and our training and events programmes. However, if you feel you no longer wish to receive direct mail or email communications from us, you can opt out at any time.

This Policy is designed to help you understand what information we collect, why we collect it and how we use it, and to explain the rights you have as an individual in connection with your personal data, including how to contact us or to make a complaint.

This Policy applies to HFL Consulting Ltd, who we also refer to throughout as “we”, “us” or “our”, and to any personal data held by HFL Risk Services Ltd and picme Ltd before 2 December 2014, which is the date that HFL Risk Services changed its name to HFL Consulting, incorporating the services of picme. See below for our Contact details.

HFL Consulting Ltd is registered as a data controller with the Information Commissioner’s Office (ICO), which is the UK’s supervisory authority set up to uphold information rights. As a data controller we are responsible for ensuring that when we process personal data we comply with EU and UK data protection law and use it in accordance with our client’s instructions and our professional duty of confidentiality.

If you have any questions about our Privacy Policy, please get in touch with your usual HFL Consulting contact or see below for our Contact details.

This Policy may change from time to time and in response to guidance and best practice advice issued by the ICO. Changes will be communicated via our website, but we will also inform our clients of any key changes in writing. This Privacy Policy was last updated on 11 May 2018.

2. Why we collect and process Personal Data

As a professional services provider, we collect and maintain information about companies that use or could benefit from our services.  To help us communicate effectively with those companies, we also collect the professional details of individuals who might engage us, work with us or be involved in the decision-making process to appoint us. Information is limited to that necessary for us to carry out our business activities, but it may include:

• Occupation, professional interests, and contact details
• Professional Information, including qualifications and experience relevant to our services
• Technical (IT) personal data in connection with details of visits to our website

In general terms we will collect and use personal data to:

• Provide professional services to companies and manage our relationships with them
• Provide individuals, in their professional capacity, with information about us and the services we offer that may be of interest to them or their organisation
• For the performance of our contracts or to take the steps necessary before entering into a contract
• Help us to improve our business and the services we offer

3. How we collect Personal Data

We will collect personal data from you in person when we meet you or through correspondence with you or colleagues in relation to the services we provide, and via our website and secure online training portal.

Third parties may also provide us with personal data to enable us to deliver our services to you in your professional capacity. The processing of this information may be necessary to enable us to enter into a contract and/or to support contract execution. We do not obtain commercially available email or mailing lists from third parties.

Other sources of personal data could include, but may not be limited to, the following:

• Publicly accessible registers and directories
• Company websites and social media
• Electronic communications systems and mail

When you provide personal data to us relating to a third party you confirm that you have any necessary permission or authority to do so. You are also responsible for ensuring that the provision of that personal data complies with data protection and other applicable law.

Visitors to our website

Our website does not store or collect any personal information about site users. The system will record your email address and other information if volunteered to us by you through certain sections of the site, for example when commenting on a blog post, requesting information about our services or registering for a training course. This information will be treated as confidential. It may only be used for internal review and to contact you regarding any feedback.

We also use technology to track the patterns of behaviour of visitors to our website. This can include using a “cookie” which would be stored on the hard drive of your computing device. Please read How we use cookies for more information.

Our website is not intended for children and we do not knowingly use it to collect data relating to children.

How we use cookies

A cookie is a small file, which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

In general, we use cookies and our records of the pages users have visited to gather information about all our users collectively, such as what areas users visit most often and what services are accessed most. We only use such data in the aggregate. This information helps us decide what is most beneficial for our users, and how we can continually create a better overall experience for our users and improve our website to tailor it to customer needs.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

The information below explains the cookies we use and why.

Cookie: Facebook Pixel

Name: Fr

Purpose:  These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

More information  Click here for an overview of privacy at Google

Cookie: Twitter Pixel

Name: guest_id, personalization_id

Purpose:  These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

More information  Click here for an overview of privacy at Google

Cookie: Google Analytics Cookies

Name:   _utma    _utmb   _utmc  _utmz

Purpose:  These cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site, using a service provided by Google Analytics. For more information about Google’s privacy policy, please use this link: www.google.com/intl/en/policies/privacy

More information  Click here for an overview of privacy at Google

Cookie: LinkedIn

Purpose: These cookies allow us to collect user data through our website for the purposes of marketing to on LinkedIn.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

You can easily remove any cookies that have been created in the cookie folder of your browser. For example, if you are on a Windows machine, here are the steps on how to use Windows Explorer to erase cookie files:

• Click on ‘Windows Explorer’
• Click on ‘Tools’
• Click on ‘Internet Options’
• Click on the ‘General’ tab
• Click on the ‘Delete’ button in the ‘Browsing History’ section
• Click on the ‘Delete Cookies’ button next to the ‘Cookies’ section
• Close when finished
• Click on the ‘OK’ button to close

4. How we use Personal Data

Lawfulness of processing

Under data protection law, we can only use your personal data if we have a proper reason for doing so, examples include circumstances where:

• You have given consent to processing for one or more specific purposes
• Processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract
• Processing is necessary for compliance with our legal obligations
• We have legitimate interests

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will always balance any potential impact on you and your rights before we process your personal data for our legitimate interests.

We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Marketing communications

We may use your personal data to send you the latest news and provide updates about our services, including new services, and training and events that might be of interest to you in your professional capacity, or your organisation.

We have a legitimate interest in processing your personal data for our business development purposes. This means we do not usually need your consent to send you updates and information about our services. However, as part of satisfying the balancing test conducted under our Legitimate Interests Assessment, we will only collect data that are strictly necessary to meet our stated business needs and then only use this information in our dealings with you in your professional capacity, in ways that you might reasonably expect us to in a business to business environment.

We will always treat your personal data with the utmost respect and we will never sell or share personal data with other organisations for marketing purposes.

You also have the right to opt out of receiving marketing communications at any time by:

• Using the ‘unsubscribe’ link in our marketing emails
• Contacting us using the enquiry form at the bottom of this page or by telephone on +44 (0)161 304 5902

If you should ask us to provide services in the future, or if there are changes in the law or the structure of our business, we may ask you to confirm or update your marketing preferences.

Who we share Personal Data with

We may need to share personal data under binding confidentiality agreements with our employees, contractors, partners, agents or business advisers, to carry out commercial negotiations and/or deliver services.

Our IT support and service providers may also access your personal data through the course of their work in providing support to us.

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect it. We also enter into contractual arrangements with service providers to ensure they can only use your personal data to provide services to us.

Where your Personal Data is held

Information may be held at our offices and in secure data centres in the UK and European Economic Area (EEA), with all reasonable technological and operational measures in place to safeguard it from unauthorised access.

We also use hosted services provided by global companies operating secure data centres around the world. For operational reasons, they may transfer data to centres outside of the EEA but where this takes place, data will remain protected by appropriate safeguards in line with EU law.

In certain limited circumstances we may also need to access personal data from outside of the EEA, as outlined below.

Accessing your Personal Data from outside of the EEA

To deliver services to you and your organisation, it is sometimes necessary for us to access your personal data from locations outside of the European Economic Area (EEA), for example:

• Where there is an international dimension to the services we are providing
• If you are based outside the EEA
• If a member of our staff needs to access it remotely while travelling outside the EEA

In these circumstances, we undertake an assessment of the level of protection provided and the circumstances surrounding access. We will make sure that any transfers are limited to the minimum amount of information possible and with appropriate safeguards in place.

How long your Personal Data will be kept

We will only retain your personal data for as long as is necessary to meet our business needs, which may include the need to satisfy any legal or contractual obligations.

When it is no longer necessary to retain your personal data, records will normally be deleted but information may be anonymised for research purposes. Once anonymised, this information can no longer be used to identify you and so we may use it indefinitely without further notice.

To determine the appropriate retention period for personal data, we consider business needs, the amount, nature, and sensitivity of data, and the potential risk of harm from unauthorised use or disclosure.

In some circumstances you can ask us to delete your data, see  Your Personal Data and your rights.

How we protect your Personal Data

Keeping information secure is a key part of data protection compliance. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, contractors, partners, agents or business advisers who have a need to know to support our stated business activities, and then only when under a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

If we have given you a username and password which allows you to access our online training portal, you are responsible for keeping it confidential.

5. Your Personal Data and your rights

You are entitled at any time to ask us for a copy of personal data we hold about you, known as a data subject access request. You are also entitled to ask that any information we hold about you is supplemented, updated or rectified. You can make any of these requests free of charge by contacting us – see Contact details.

In certain circumstances you can also ask us to restrict our processing of your personal data, for example if you contest the accuracy of it. We will always review your request and will inform you if we decide we are not required to action it. If you require us to restrict or stop processing your personal data in any way, this may impact on our ability to provide our services to you and your organisation.

We will aim to respond to your request within one month once we have assessed how feasible your request is, considering the technical aspects involved.

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK ICO on individuals’ rights under the General Data Protection Regulation.

We do not use your personal data for automated decision making.

6. How to complain

We hope that we can resolve any query or concern you may raise about our use of your information. If you want to complain about how we have handled your personal data, please get in touch with your usual HFL Consulting contact or through the enquiry form below. We will investigate your complaint but if you are not satisfied with our response or believe we are processing your personal data unlawfully, you can complain to the UK Information Commissioner’s Office. Further information is available on the ICO website or telephone 0303 123 1113.

The EU General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or EEA) State where you work, normally live or where any alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner.

7. Contact details

if you have any questions about this Privacy Policy or the information we hold about you please contact us by post, telephone or by email using the enquiry form below.

By post:

Data Protection Enquiries
HFL Consulting Ltd
Freeman House, Orbital 24, Oldham Street
Denton
Manchester
M34 3SU

Telephone:

+44 (0) 161 304 5902