This privacy policy sets out how Oxhey Hall Consulting uses and protects any information that you give Oxhey Hall Consulting when you use this website.

This version of our privacy policy was last updated on 29th May 2018.

Oxhey Hall Consulting Limited (“Oxhey Hall Consulting” or “we”) is committed to privacy. This privacy policy describes our practices in connection with information that we collect through our website. If you have questions on privacy issues, please email us at dpo@oxheyhall.com.

Our contact details are:

Legal entity: Oxhey Hall Consulting Ltd

Email address: dpo@oxheyhall.com

Postal address:  Oxhey Hall Consulting Ltd, The Wenta Business Centre, Colne Way, Watford, WD24 7ND

Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However we would appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Information about our customers end users

We handle information relating to our customers, or end users as a service provider on behalf of our customers. Our use of such information is governed by separate agreements with our customers. In addition, such information may be subject to our customers’ own privacy policies. This privacy policy does not apply to such information.

Data Protection Legislation

Oxhey Hall Consulting complies with applicable Data Protection Legislation including the General Data Protection Regulation (EU) 2016/679 (GDPR) or any other similar or equivalent laws enacted by the UK that relate to data protection and/or replace the GDPR. In this privacy policy we refer to Personal Information in accordance with its definition in the GDPR, which is information that identifies you as an individual or relates to an identifiable individual, including:

Name

Telephone number

Email address

We may need to collect and process these types of Personal Information in order to provide services to you, or because we are legally required to do so. If you do not provide the information that we request, we may not be able to provide you with services.


Data Collection

We only collect identifiable Personal Information that is specifically and voluntarily provided by a visitor to our site. For example, a visitor to our site may choose to provide information such as name, title, office address, office email address and telephone number in order to:

Visitors are also able to send email to us through the site. Their messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message.

Use of Personal Information

When a visitor provides Personal Information to us, we (or our service providers) use it for the Legitimate Interests (defined below) of our business and for the purposes for which it was provided to us by you as stated at the point of collection (or as is obvious from the context of collection), for example the fulfilment of a contract (also defined below). In addition to the examples of use given in the Data Collection section above, Personal Information is used:

Our website does not collect or compile personally identifying information for dissemination or sale to outside parties for consumer marketing purposes or host mailings on behalf of third parties.

Sensitive Data

We do not seek any sensitive personal data through this website. Sensitive personal data includes data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record.


Disclosure to Third Parties

Our policy is not to share personally identifiable information with any third parties, unless required by law, or unless explicitly requested by a visitor or otherwise as set out in this section. We recognise that your information is valuable and we take all reasonable measures to protect your information while it is in our care.

We may subcontract some areas such as distribution of publications and organisation of events and conferences, and so if a visitor submits Personal Information as part of a request relating to these areas, we may disclose certain data to third parties in order to fulfil these requests (e.g. when ordering a publication we display the party fulfilling the order).

We may also disclose Personal Information to our third party service providers who provide services such as website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services.

Other uses and disclosures

We may also use and disclose your Personal Information as we believe to be necessary or appropriate: (a) to comply with applicable law, which may include laws outside your country of residence, to respond to requests from public and government authorities, which may include authorities outside your country of residence, to cooperate with law enforcement, or for other legal reasons; (b) to enforce our terms and conditions; and (c) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

In addition, we may use, disclose or transfer your information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

Security

We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable data and information from loss, misuse, alteration or destruction. In particular, we ensure that all appropriate confidentiality obligations and technical and organisational security measures are in place to prevent any unauthorised or unlawful disclosure or processing of such information and data and the accidental loss or destruction of or damage to such information and data. Only authorised Oxhey Hall Consulting personnel are provided access to personally identifiable information and these employees have agreed to ensure confidentiality of this information.


Choices and Access to Information

You have certain rights in relation to your Personal Information, which we summarise at the end of this privacy policy.  If you would like to request to review, correct, update, suppress, restrict or delete Personal Information that you have previously provided to us, please email us at dpo@oxheyhall.com.  We will respond to your request in accordance with applicable law.

In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. For your protection, we will only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain information to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed but this will not be personally identifiable information.   When practically possible, if Oxhey Hall Consulting is informed that any personal data collected through a web site is no longer accurate, Oxhey Hall Consulting will make appropriate corrections based on the updated information provided by the authenticated visitor but we have no responsibility with regard to the accuracy of information where we have not been informed of any inaccuracy.

Unsubscribe

Should visitors choose to unsubscribe from mailing lists or any registrations, we will provide instructions, on the appropriate webpage or in communications to our visitors, or a visitor may contact by email to dpo@oxheyhall.com detailing the sending email address of the communication that they wish to be removed from.

Data Retention

We will retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide any services to you; (ii) when we have legal obligation to which we are subject; or (iii) as advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

For example, contact information about visitors (such as information generated though registration for access to areas on the site) will be kept as long as the information is required to completely service the contact request or until a user requests that we delete that information. Mailing list information, discussion posts and email are kept for only the period of time considered reasonable to facilitate the visitor’s requests. Resumes are disposed of when they are either no longer under consideration, or are considered dated by our human resources department.

Cookies and Log Files

We use small text files called ‘cookies’ to assist in providing a more customised website experience. For example, a cookie can be used to store registration information in an area of the site so that a user does not need to re-enter it on subsequent visits to that area. The use of cookies is now standard operating procedure for most websites. However if you are uncomfortable with the use of cookies, most browsers now permit users to opt-out of receiving them. In most cases, a visitor may refuse a cookie and still navigate our website.

In order to properly manage our website we may anonymously log information on our operational systems, and identify categories of visitors by items such as domains and browser types. These statistics are reported in the aggregate to our webmasters. This is to ensure that our website presents the best web experience for visitors and is an effective information resource.

Sensitive Information

We ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.

Jurisdiction and cross-border transfer

Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using our services you consent to the transfer of information to countries outside of your country of residence, including the United States which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.

Email Communications

If you are subscribed to any of our mailing lists we may use ‘web bugs’ (one pixel invisible images) contained in the email to track whether you open the message. Unless you have chosen not to download images automatically in your email client, your opening of the email will report back to our systems that you have read the message. We may also employ tracking of any links you click in our messages. Any data we collect is used by our marketers for aggregate analysis.

Third Party Links

There may be pages on our sites which include links to websites which are owned and operated by third parties and so which do not operate this privacy policy. When you link to other websites, this privacy statement and our privacy practices no longer apply. We encourage visitors to review each site’s privacy policy before disclosing any personally identifiable information.


A summary of your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your Personal Information.  You have the right to:

Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it.

Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of your Personal Information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us at dpo@oxheyhall.com.

Legal Definitions

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Performance of Contract means processing your Personal Information where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

End of Privacy Policy