HM Network Website Privacy and Cookie Policies

1. What data we collect and how we collect your own data.

1.1 Data about you through our web ‘cookies’ ( Our Cookie policy is also available in a separate document: Cookie Policy)

1.1.1 First category of cookies (Data that HM-Network collects).

1.1.2 Second category of cookies (Data collected by third parties)

1.1.3 The privacy web banner and the cookie control panel

1.1.4 Other methods to control the use of web cookies

1.2 Data about you through our web contact form

2. Who do we share your data with and where do we process your data?

3. How long do we keep hold of your data?

4. How we process your data

5. Your personal data rights and how to exercise them

6. Changes to our privacy and cookie policies

7. Contact and other information

Welcome to HM Network. 

We value your privacy. For this reason, we process all your personal data lawfully, fairly and in a transparent manner.

  1. What data we collect and how we collect your data.

We collect information about you through our website in two main ways. On the one hand, we collect your data through ‘cookies’ when you access our website. On the other hand, we collect your data when you ask us information through our web contact form: https://www.hm-network.com/contact/.

1.1 Data about you through our web ‘cookies’ ( Our Cookie policy is also available in a separate document: Cookie Policy)

One of the ways in which we collect your data is through web ‘cookies’. Cookies are small text files that are placed on your computer or device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Our website uses two main categories of cookies. The first category includes strictly necessary and performance cookies. The second category regards third party cookies and targeting cookies.

1.1.1 First category of cookies (Data that HM-Network collects).

HM Network collects data through this first category of cookies for three main purposes:

  1. to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site.
  2. to ensure network and information security[1].
  3. to keep track that you have read our privacy and cookie policies and you are informed about how we use our cookies.

Although the use of this kind cookies for the applicable law[2] determines the collection of your personal data, the latter is restricted to online identifiers associated with your device and its characteristics. Moreover, we do not make any attempt to find out the identities of those visiting our website. We usually analyse data collected through our cookies in aggregate form, for example, through the google analytics dashboard[3].

The use of these category of cookies on the HM Network website is limited as above exposed and justifiable by law-established legitimate interests of HM Network as described by the article 6(f) of the GDPR.[4]  In this regard, HM Network commits itself to collect and process personal data from its web cookies ‘without overriding the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child’ (GDPR, Art. 6(f)).

Moreover, because we are strongly committed to respecting your privacy, we make sure that you are free to consent to our cookies.

In this regard, when you visit our website we make sure you are informed of our privacy and cookie policies and you explicitly consent to the use of our cookies through a privacy web banner.

1.1.2 Second category of cookies (Data collected by third parties)

Our website may contain links to third-party websites and services, including those of social media platforms, partner networks and advertisers. These third-party websites and services may store on your device cookies and through them collect your personal data. We do not collect this data for ourselves and we do not have control over what data is collected and how this data is used. However, we inform you of the presence, name and, where possible, of the function of these cookies, and we allow you to activate and deactivate them through a ‘cookie control panel’ (Link to the cookie control panel).

You will find this category of cookies under the names of ‘Targeting Cookies’ and ‘Third Party Cookies’ on our cookie control panel.  

By default, cookies included in these categories are inactive and you may need to activate them in order to allow them to be stored on your device and to start to collect your data.

Unfortunately, we do not have control over all third-party data collection practices. For this reason, apart from the use of our control panel, we suggest you adjust the settings of your browsers and/or install plug-ins and add-ins if you wish to minimize data collections from these third-parties. For more information about this please read the following paragraphs.

1.1.3 The privacy web banner and the cookie control panel

A privacy web banner is displayed when you first access our website, when you delete our cookies from your device, and after our cookies expire (TIME TO EXPIRE). Furthermore, this web banner contains a link to our privacy and cookie policies, and a link to a ‘cookie control panel’ where you can see more details about our cookies and where you can selectively choose to activate or deactivate them. This web banner is not the only point of access to our privacy and cookie policies and cookie control panel. These can be accessed in every moment through links on our website. Thus, you will always have the possibility to modify the consent to the use of our cookies.

All cookies are ‘inactive’ by default. There are only only two exceptions. On the one hand, cookies that are strictly necessary for the functioning of our website are ‘always active’. On the other hand, our performance cookies are ‘active’ but can be disabled.

1.1.4 Other methods to control the use of web cookies

You can always control or limit the access of any cookies through your web browser. Moreover, to opt-out of being tracked by Google Analytics across all websites you can visit: http://tools.google.com/dlpage/gaoptout.

Finally, to find out more about cookies, including how to see what cookies has been set for our and other websites and how to manage and delete them, please visit: www.allaboutcookies.org.

1.2 Data about you through our web contact form

Apart from our web cookies, another way in which we collect your personal data is through our contact form: https://www.hm-network.com/contact/ 

The kind of personal data that we collect is clearly specified in the contact form.

You can use our contact form to ask us general information and quotes about our products and services. Even in this case, we will process your data in a lawfully, fairly and transparent manner and based on the GDPR Article 6(1)(b)[5]. Moreover, because we value your privacy we make sure that you have read our privacy and cookie policies, that you consent to the use of your personal data, and we will only use your data for the provision of the information that you have requested.

2. Who do we share your data with and where do we process your data?

As an IT service provider, HM Network works in partnership with a variety of professional subjects. For example, currently we use Google services for our emails and our cloud storage and we use a virtual server provider for our website. These are only two of many third parties with whom we work. For this reason, when we collect your data, we inevitably share it with our partners.

In this regard, because we really value your privacy, we carefully select our partners, and we only stipulate contracts with those that are fully compatible with the applicable law. We evaluate if they are reliable, subjected to the same level of data-privacy-and-security-related protection as ourselves, and if they have a good reputation. Finally, we also check if our partners store or transfer your data to other countries in a way that is compatible with the applicable law.

As data subject, you are entitled to request information about the identities of our partners. Moreover, when you exercise your personal data rights,[6] for example requesting the rectification, erasure or blocking of your personal data, HM Network, as your data controller, must notify its relevant partners (in this case, and by the law, ‘processors’) of the data subject's exercising of those rights. In this regard, HM Network is exempt from this obligation only if it is impossible or it would require disproportionate effort.

3. How long do we keep hold of your data?

After we collect your data, we keep hold of it for the time necessary for the purposes for which it was obtained and for a maximum of 60 days following the end of the processing activities. 

4. How we process your data

We process your data only and exclusively for the purposes for which it has been collected. Moreover, we commit to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: 1) pseudonymisation and encryption of personal data; 2) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; 3) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; 4) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing[7]. We are also committed to ensuring that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by the applicable law[8].

5. Your personal data rights and how to exercise them

The applicable law on data privacy and security provides you with a wide range of rights over your personal data. In this regard, after the verification of your identity[9], we commit ourselves to provide, free of any charge, an answer to the exercise of your personal data requests within one month and for complex requests within two months[10]. You can exercise the rights over your personal data through our web form at the address:

https://www.hm-network.com/contact/subject-access-request/

Some examples of your rights are (to be considered on a case by case basis): the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning your personal data or to object to processing as well as the right to data portability. Moreover, where the processing is based on your consent, as it is the case for the data collected at HM Network website, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Moreover, you have the right to ask information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed[11]. You have also the right to lodge a complaint with a supervisory authority[12] and other rights.

6. Changes to our privacy and cookie policies

HM Network will maintain updated this electronic document. Moreover, where possible, the company will notify you of any significant change to the privacy and cookie policies.

7. Contact and other information

General information about privacy: privacy@hm-network.com

HM Network Ltd is registered in England & Wales at Cotton Court, Church Street, Preston PR1 3BY No. 08421052. VAT GB162 2283 29

Tel. 0333 344 4190

Normal office hours: Monday-Friday 9.00am-5.00pm

Data subject request form: https://www.hm-network.com/contact/subject-access-request/

HM Network Ltd are registered with the Information Commissioner’s Office [ICO] under reference ZA236153.


[1] GDPR, Recital 49: The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems, by public authorities, by computer emergency response teams (CERTs), computer security incident response teams (CSIRTs), by providers of electronic communications networks and services and by providers of security technologies and services, constitutes a legitimate interest of the data controller concerned. This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems.

[2] GDPR, Recital 30: Natural persons may be associated with online identifiers…such as internet protocol addresses, cookie identifiers or other identifiers…. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

[3] Google, Google Analytics, 2018. Available at: https://www.google.com/analytics/#?modal_active=none 

[4] GDPR, Recital 47 also states that fraud prevention constitutes a legitimate interest. Recital 49 also states that necessary and proportionate processing for network security constitutes a legitimate interest.

[5] GDPR, Article 6 (1)(b): Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

[6] GDRP, Recital 62; Article 17(2), 19. You can ask us information about your personal data through the following contact form: https://www.hm-network.com/contact/subject-access-request/

[7] GDPR, Article 32(1)

[8] GDPR, Article 32(4)

[9] GDPR, Recitals 57, 64; Article 12(2), (6)

[10] GDPR Recital 59; Article12 (3)-(4)

[11] GDPR, Article 15

[12] GDPR, Article 13