Hampstead Tree Neuro Rehab Limited
General Data Protection Regulations
1. What Data is Covered?
This policy details he obligations of Hampstead Tree Neuro Rehab Limited regarding data protection and your rights under current EU Regulations ?General Data Protection Regulations.( GDPR )
Your data will be processed, lawfully, fairly and transparently and only collected for specific, explicit and legitimate purposes and not processed further for any incompatible purposes other than the original purpose for collection.
In this privacy notice, ? personal data ? means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as names, an identification number such as a national insurance number, location data or an online identifier such as an IP address.
Personal data also refers to one or more factors specific to the physiological, genetic, mental, economic, cultural or social identity of an individual.
2. Purposes For Which We Collect And Process Personal Data.
For the performance of our professional services; we provide services to clients, ( our clients ) .
The data we collect depends upon the services provided to you and we only process personal data for the purpose for which it was collected.
The Purposes for which we process data and the legal basis for doing so
*for the performance of any contract we enter in to with you or pre-contract due diligence enquiries should no contract subsequently be entered in to
* for either our or your legitimate interest
* in respect of any legal obligation we are subject to
* where you have provided your consent for us to do so
* where necessary to do so
Visitors to the www.HTNeurorehab.com website – we also collect personal data about you when you visit our website.
Information which you provide to us voluntarily – for example when completing an online form to contact us. Or when agreeing to subscribe to a newsletter or when registering with us to receive our services. Such voluntary information may be in the form of;-
* Job title and role
* Company organisation
* Company data
* Contact information such as mobile number, email address and other telephone numbers.
* Demographic information, such as industry, post code any preferences and interests
* Any other relevant information to enable us to offer and supply our services to you
Any information which you provide on this basis which may be sensitive is not collected or processed intentionally. Such information is provided by you on a voluntary basis and you acknowledge and agree that such information may be processed by us.
If you register on our site or, or instruct us in respect of our professional services, your personal data is collected and stored in our storage facility within our computer system and any data held on individuals who have not been engaged or ceased to be engaged by us is deleted after a period of 18 months or sooner if required by law.
If you opt out of any of our services, your basic data will remain on our opt out list.
Cookies – data which is automatically collected when you visit our site through cookies – When you visit our site, we automatically collect certain personal data from your device, if you allow us.
Through our website, in allowing Cookies ( which are small files ) they will transfer this small file to your computer hard drive through your web browser. This enables the site
( or our service provider ) to recognise your browser and capture and remember certain information. Such data is;-
* IP address
* Unique device identifier number
* Device type
* Browser type
* Geographical location eg country or city location
* Other technical information
We collect this information to improve the services supplied to you and it enables us to better understand the visitors to our site.
The purposes for which we collect and/or process your personal data as a visitor to our site;-
* To assist in administering and managing our site.
* For site security for example to authenticate your identity and to prevent unauthorised access to the site.
* To more personalise your visits to our site, so we may enhance your experience.
* To analyse visitor data so as to enhance our marketing and other communications.
* To understand which feature of the site visitors, use.
* To assist us in monitoring and enforcing all relevant regulations and applicable compliance.
* To assist us in continual risk management assessment.
* Any other purposes for which you provide us with your information.
Legal grounds for processing personal data of visitors to the site;-
* For the effective and lawful operation of our business.
* To improve and develop our site to enhance visitor experience.
* Any matter for which we have been given your explicit consent.
If you would like to know more about cookies, please go to www.allaboutcookies.org
Other purposes we may collect personal data from you can be; –
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer||(a) Identity(b) Contact||Performance of a contract with you|
|To process and deliver your order including:(a) Manage payments, fees and charges(b) Collect and recover money owed to us||(a) Identity(b) Contact(c) Financial(d) Transaction(e) Marketing and Communications||(a) Performance of a contract with you(b) Necessary for our legitimate interests (to recover debts due to us)|
|To enable you to partake in a prize draw, competition or complete a survey||(a) Identity(b) Contact(c) Profile(d) Usage(e) Marketing and Communications||(a) Performance of a contract with you(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)|
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity(b) Contact(c) Technical||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)(b) Necessary to comply with a legal obligation|
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity(b) Contact(c) Profile(d) Usage(e) Marketing and Communications(f) Technical||Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||(a) Technical(b) Usage||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||(a) Identity(b) Contact(c) Technical(d) Usage(e) Profile(f) Marketing and Communications||Necessary for our legitimate interests (to develop our products/services and grow our business)|
We may also collect data when;-
Recruitment – personal data may be collected directly from a job applicant, or indirectly via a recruitment agency when you or they correspond with us by telephone, email or online .
3. Service Providers
We may employ third party companies and individuals to facilitate our service (? Service Providers? ) to provide the service on our behalf, to perform service related services or assist us in analysing how our service is used.
These third parties have access to your personal data only to perform these tasks on our behalf and are obliged not to disclose or use it for any other purpose. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose it or use it for any other purpose.
We may use third-party service providers to monitor and analyse the use of our service.
4. Transfer Of Personal Data And Its Security
We take all appropriate security and legal precautions to safeguard the safety and integrity of all of your personal data that is collected and used within the company. Your personal data will only be accessed by persons within the company who have a legitimate need to do so.
Access to the confidential data we collect is limited and we have policies and procedures in place to safeguard your information from loss, miss-use and improper disclosure.
All of our employees are subject to a company privacy and confidentiality policy which ensures that they are contracted to understand your confidentiality requirements and will work to the best of their ability in line with this policy.
5. Your Rights And Our Companies Procedure
You have the following rights in relation to your personal data;-
* You may access the data we hold about you
* If you note that your data is incorrect or incomplete you have the right to have that data corrected.
* You may opt out of any of the services provided, but please note some services we may be unable to provide should you do so.
* You may request that we delete your personal data ( this subject to any legal requirement we may have to retain such data ).
* You may request a copy of your personal data held, this may take up to thirty ( 30 ) days.
* You have the right to withdraw your consent to the use of any of your personal data for which you have previously given your consent to the use of.
* You have the right to complain to the Data Protection Authority, such a complaint should be directed to the authority in your country or a relevant court of competent jurisdiction. We do however have a complaints procedure which we will deal with any complaints you may have, any such complaint should be directed to us at email@example.com who will acknowledge your complaint and ensure it is investigated honestly and fairly and inform you how it will be handled.
If you have any other queries or wish to exercise any of your rights in respect of your personal data please contact us at firstname.lastname@example.org.
You may also complain directly to https://ico.org.uk/
6. Who We Disclose Your Personal Information To
We will disclose your personal information to the following;-
* As described in clause 2 of this policy
* If required by law
* If we believe disclosure is appropriate to enforce any of our terms and conditions, to protect and defend our rights, property or safety.
* In compliance of any court order, proceeding or under any other legal obligation, regulatory or government requirement where we are specifically directed to do so.
* With your consent.
Third Party Recipients of Personal Data include;-
* Professional advisors such as law firms, tax advisors or auditors all of whom are subject to privacy and confidentiality laws and regulations.
* Regulatory and other such bodies.
* Providers of identity verification services.
* The courts, police and other relevant law enforcement agencies.
* Relevant government departments and agencies.
* Our service providers.
7. How Long Do We Retain Your Personal Information
We retain your personal information only as long as it is needed by us see clause 2, thereafter we only retain any information as long as it is required under the regulatory requirements, we are subject to.
To ensure we meet our legal liabilities we may retain some information for a significant time. Examples of the reason for this could be, to protect, defend or exercise our legal rights or for archiving and historical purposes.
8. Data Security And Breaches
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business to need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal security breach and we will notify you and any applicable regulator of a breach where we are legally required to do so.
If there is a security breach or a suspected security breach, we will inform you of the breach or suspected breach immediately it is known to us and report it to the appropriate regulatory body.
Once such a breach is discovered we will use all reasonable business measures to correct the breach and prevent any further breaches and recover or delete any lost information.
9. Your Legal Rights
Under Certain circumstances, you have rights under the data protection laws ( General Data Protection Regulations ) in relation to your personal data. Specifically, you have the right to:
Request Access to your personal data; Request correction of your personal data; Request erasure of your personal data; Object to processing of your personal data; Request restriction of your personal data; Request transfer of your personal data; and/or Right to withdraw your consent.
If you wish to exercise any of these rights set out above, please contact us.
No Fee Is Usually Required
You will not have to pay a fee to access your personal data ( or exercise any of the other rights ). However, we may charge you a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What We May Need From You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data ( or exercise any of your other rights ). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Time Limit To Respond
We try to respond to all legitimate requests within one month. Occasionally it could take longer than a month if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Performance Of Contract
This means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Personal data may be collected directly from a job applicant, or indirectly via a recruitment agency when you to they correspond with us by telephone, email or online.
If you are a supplier, subcontractor or an individual associated with them we will collect and process personal data. We process data only for the purpose for which they are collected. See Clause 2.
11. International Transfers of Personal Data
Your personal data may be transferred to and stored outside of the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protections for your personal information. At least one of the following safeguards will be implemented:
We will only transfer your data within the EEA, transfer outside the EEA will only take place where we are able to ensure a similar level of protection for your personal information;
Where we will use specific service providers, we may also use certain contracts approved by the European Commission which give the same protection to personal Data as provided in Europe.
If your personal data is going to be transferred and stored outside of the country and none of these safeguards are available, we may request your permission and explicit consent to the transfer.
You have the right to withdraw your consent at any time.
12.Other Legal Compliance
Because the Company values your privacy, we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We will therefore not distribute your personal information without your consent.
13. Changes to this Policy
We will, from time to time, make changes to this policy. This may be to ensure that we continue to be in line with the legal requirements and any regulatory changes made in law. We may also change our practices to better serve our and your needs. We will revise the, ?last updated? date at the top of this notice and will, if such changes are material, post a prominent notice of the changes on the website.
We request that you read this policy from time to time and keep your personal information up to date at all times.
Date last updated 25-09-2020