Overview
Hyperext Ltd (“we” or “us”) is committed to data protection and data privacy. With the General Data Protection Regulation (GDPR) becoming enforceable from 25 May 2018, we have undertaken a GDPR readiness programme to review our entire business, the way we handle data and the way in which we use it to provide our services and manage business operations.
Introduction
We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This notice sets out the personal data that we collect and process about you, the purposes of the processing and the rights that you have in connection with it.
If you are in any doubt regarding this notice, please contact us using the contact details at the end of this policy.
Purposes for processing personal data
We will process your personal data for the purposes: –
Management of Customer related activities such as providing products/services, product support contracts and marketing activities.
Management of supplier related activities such as purchasing of products and services.
Types of personal data we collect
The types of personal information we may process include, but are not limited to:
- Name
- Home/Business/Mobile Telephone Numbers
- Home/Business Address
- Home/Business email address
Legal basis for processing personal data
To process your information, we mainly rely on the following legal basis: –
- Performance of a contract – We will normally collect personal data from you only where we need it to perform a contract with you (i.e. to manage the customer/supplier relationship)
- Legitimate Interests – We may use your information for our legitimate interests such as website experience, emails or newsletters, improve or promote our products and services, administrative and legal purposes.
- Consent – We may reply on your consent to use your personal information for direct marketing purposes. You may withdraw your consent at any time by contacting us using the contact details at the end of this policy.
- Who we share your personal data with
- We take care to allow access to personal data only to those who require such access to perform their tasks and duties.
Information Security
We will ensure that we take technical and organisational measures to ensure, as far as reasonably possible, the confidentiality, integrity and availability of your information at all times. If you have any concerns please contact us using the contact details at the end of this policy.
Transfer of personal data abroad
We will not normally need to transfer personal data to countries outside of the United Kingdom. If we export your personal data to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer personal data outside the European Economic Area (EEA), such as to the United States, we will implement an appropriate data export solution such as entering into contracts with the data importer that contain EU model clauses or taking other measures to provide an adequate level of data protection.
Data retention
Personal data will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this notice or as otherwise required by law. Personal data will be kept for 12 months following the termination of customer/supplier relationships.
Your rights
You may exercise the rights available to you under data protection law as follows:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision making and profiling.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. You can read more about these rights at:
https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
To exercise any of these rights, please contact us using the contact details at the end of this policy.
Transfers to third-party service providers
Our carefully selected partners and service providers may process personal information about you on our behalf as described below.
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf. Such activity may result in the compliant processing of personal information. Our appointed data processors include:
(i) Social Gains Ltd, Peel House, Peel Road, Blackpool FY4 5JX, Reg. UK Co. 10060215. You can contact Social Gains and view their privacy policy here. Social Gains is registered with the ICO, Reg: ZB693061. Their Data Protection Officer can be emailed at: drew@socialgains.co.uk.
Information We Collect
Apollo.io
This website uses Apollo.io (https://www.apollo.io), an IP address-based web analysis service for website optimization and analysis of our Internet content, advertising, and lead generation. Apollo.io works on the basis of reverse business IP tracking, which differs from cookies. Instead, a code is used, which tracks IP addresses visiting our website, identifies them as business-related, and matches them to a wholly-owned global database of businesses and business information.
The software effectively matches a business IP address with wider business data to provide valuable business-related visitor information to us, such as the date and duration of the user’s visit, and the web pages which the user visits. This data may be used by us to contact the business about their experience or for marketing purposes. We will not pass this data to third parties for any reason.
Furthermore, Apollo.io does not identify any personal IP addresses, mobile devices, or any other data than that associated with the business. It does not, and cannot, provide individual, personal, or sensitive data regarding who has visited our website.
You can object to data being processed by Apollo.io by contacting the data controller at drew@socialgains.co.uk.
Cold Emailing
As part of our lead generation efforts, we may send cold emails to business contacts whose information we have lawfully obtained through our data providers or publicly available sources. These emails are sent under the lawful basis of legitimate interests as per Article 6(1)(f) of the GDPR, which allows us to conduct direct marketing to businesses.
We ensure that all recipients of our cold emails are provided with a clear and easy way to opt-out of future communications. If you receive an email from us and no longer wish to be contacted, you can unsubscribe at any time by following the instructions provided in the email or by contacting us directly at drew@socialgains.co.uk.
Legal Grounds for Processing
Processing of data takes place on the basis of Art. 6 (1f) GDPR, which is based on our legitimate interest in the continuous improvement of our website and our marketing activities. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us on support@socialgains.co.uk if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out.
Transfers to other third parties
We may disclose personal data to third parties on other lawful grounds, including:
To comply with any legal obligations
In response to lawful requests by public authorities (including for national security or law enforcement purposes)
As necessary to establish, exercise or defend against potential, threatened or actual litigation
Where necessary to protect the vital interests of our employees or another person
In connection with the sale, assignment or other transfer of all or part of our business; or
With your freely given and explicit consent.
Issues and complaints
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This notice was drafted with clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed.
If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns.
Updates to this notice
This notice may be updated periodically to reflect any necessary changes in our privacy practices. In such cases, we will inform you by publishing this on our website www.hyperext.com. We encourage you to check this notice periodically to be aware of the most recent version.
Contact details
Please address any questions or requests relating to this notice to the Data Controller:
Karen Smith
karen@hyperext.com
01744 697929