Privacy Policy

Who we are

Our website address is: https://www.highhopesconsulting.co.uk.

What personal data we collect, why we collect it and who we share it with

Contact form

If you use our contact form, we capture your email and name when you submit the contact form and keep it whilst you remain in contact with us. We do not use the information submitted for marketing purposes.

The legal basis for this processing is consent.

Contacting Us Via Email

We may process data enabling us to get in touch with you. This may include your name, email address, telephone number, postal address and/or social media account identifiers. The source of the contact data is you.

The legal basis for this processing is consent.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

The legal basis for this processing is consent.

Signing Up for Our Newsletter

If you sign up for our newsletter, you agree to us sending emails to you on a regular basis with news, articles and promotions. You may unsubscribe from the email at any time by clicking the unsubscribe link in the email.

We use Mailchimp to handle our newsletters. Their servers are based in the US, however they have signed up to the US Privacy Shield and due to the recent EU court ruling are also SCC compliant

For more details see

https://mailchimp.com/legal/privacy/

https://mailchimp.com/legal/data-processing-addendum/

https://mailchimp.com/help/about-mailchimp-and-the-gdpr/

The legal basis for this processing is consent.

Sending Emails

For email broadcast purposes your email address will be added to our third party cloud-based delivery system (SendInBlue). Your data is not subject to any form of additional processing and is not shared with any third party. The SendInBlue servers are located within France and the organisation is itself bound by GDPR regulations relating to data processing and security. Further information on SendInBlue's compliance can be found at https://www.sendinblue.com/legal/privacypolicy/

The legal basis for this processing is consent via our contact form.

Web Hosting and Backups

Your personal data held in our website database will be stored on the servers of our hosting services providers https://www.heartinternet.uk/, backups are made using Microsoft Services and stored on UK based servers. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.

Security

What personal data we collect and why we collect it - Security Logs

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

This site is scanned for potential malware and vulnerabilities by Sucuri's SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri's privacy policy.

The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others.

Direct marketing

We may process contact data, account data and/or transaction data for the purposes of creating, targeting and sending direct marketing communications by email, SMS, post and/or fax and making contact by telephone for marketing-related purposes. The legal basis for this processing is consent.

Web Design

We may disclose your contact data to our web designer identified at www.briidea.co.uk insofar as reasonably necessary for design and update of the website. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.

Insurance and Legal Claims

Maintaining insurance cover, managing risk and obtaining professional device - the legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

Defence of initiation of legal claims - The legal basis for this processing is our legitimate interests, namely the protection of our legal rights, your legal rights and the legal rights of others.

To meet any legal obligations, in order to protect the vital interests of you or others.

How long we retain your data

Personal data that we process shall not be kept for longer than is necessary.

Specifically, we will retain your personal data as follows:

• Security logs are retained for 60 days.
• Contact details for our newsletter are kept for as long as subscribed to our newsletter

What rights you have over your data

Your principal rights under data protection law are:

1. The right to be informed – you have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR.
2. The right of access – you have the right to ask for access to your personal data
3. The right to rectification – you have the right to ask for correction and completion of inaccurate personal data
4. The right to erasure - you have the right to ask for deletion of your personal data. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
5. The right to restrict processing – you right to request the restriction or suppression of your data but applies in certain circumstances only.
6. The right to data portability – you have the right for a copy of your data so you can transfer to another organisation
7. The right to object – you have right to object to the processing of your personal data
8. Rights in relation to automated decision making and profiling.

You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

These rights are subject to certain exceptions.

You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.

How we protect your data

We use encryption, backup, security on both the website and the website server.

What data breach procedures we have in place

We have a data breach process, that records any data breaches and notifies the relevant authorities within 72 hours of the breach occurring.

Amendments

We may update this policy from time to time by publishing a new version on our website.

You should check this page occasionally to ensure you are happy with any changes to this policy.

Our details

The data protection officer can be contacted via nicolahopes@highhopesconsulting.co.uk

This website is owned and operated by High Hopes Consulting

Our principal place of business is at 

You can contact us:

(a)    by post, to the postal address given above

(b)    using our website contact form;

(c)    by telephone, on the contact number published on our website; or

(d)    by email, using the email address published on our website.

Last updated September 2020