Privacy Policy
This privacy statement explains how Bearnes Hampton & Littlewood Ltd will handle your personal data. It sets out how we will use and protect your personal data as well as how we will communicate with you. It explains how we acquire your data, states the categories of personal data we collect, establishes the legal bases we have for processing it and sets out our reasons for doing so. We are committed to protecting your privacy in accordance with the Data Protection Act 1998, the Privacy and Electronic Communications Regulations 2011 and the EU General Data Protection Regulations 2016. We are committed to being completely open and transparent about how we handle your personal data. We comply with our obligations under data protection legislation by keeping personal data up-to-date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. When you use our computing or communication facilities (such as web sites and services, blogs, social media, telephone and facsimile systems, voicemail, email, FTP servers and newsgroups), you agree to be legally bound by this statement. If we ask you to provide information that could identify you or otherwise collect such information then you can be assured that we will only use it in accordance with this privacy statement. Bearnes Hampton & Littlewood Ltd may change this statement from time to time. Any changes will take effect the moment they are posted to www.bhandl.co.uk/privacy. The amendment or variation will apply to your use of our computing and communication facilities and to any services we offer to you from that point forward. While we may notify you directly of changes to this policy, we recommend that you check www.bhandl.co.uk/privacy periodically for any changes. This statement is effective from 25th May 2018.
Bearnes Hampton & Littlewood Ltd is a private limited company registered in England and Wales under number 3857887. Its registered office is at St Edmund’s Court, Okehampton Street, Exeter, Devon, EX4 1DU, United Kingdom. You can contact us on (01392) 413100 or by email via info@bhandl.co.uk.
Bearnes Hampton & Littlewood Ltd is the data controller for all personal data processed for or on its behalf.
Our websites use cookies in accordance with the terms of this statement. Our separate Cookies Statement provides detailed information about cookies and how we use them. When you visit one of our web sites, we will ask you to consent to the use of any cookies that are not strictly necessary for its operation before we use them.
We may invite you to supply details about yourself and your organisation at any time when you are dealing with us.
For instance, we might ask you for your name, job title, contact details or your interests when you browse one of our web sites or when you leave a message on our voicemail system. We might also ask you for other demographic details, your preferences and interests as well as other data relevant to client surveys and/or offers when you are talking to us. Alternatively, you might just volunteer some personal data by simply presenting us with your business card. We will provide you with or refer you to a relevant concise Privacy Notice that explains how we will process your personal data. We will only use this information for the purposes we indicate at the time we collect it.
However, please be aware firstly that we reserve the right to disclose any details you provide anonymously; and secondly that some of our communication facilities (such as our web sites or blogs) may invite you to publicly contribute to their contents, in which case we will make you aware prior to submission what will be made public and attributable to you.
If we intend to use your details for more general purposes, we will make it clear at the time of collection and provide you with an appropriate mechanism to withdraw your consent or otherwise object to their processing.
If the details you have provided to us change at any time, appear to be inaccurate or you would like to know what we hold about you, please get in touch.
We automatically collect information about you as you use our computing and communication facilities. Typically, this information is in the form of system logs or usage data. We use this information for security purposes and fraud prevention as well as to improve our communication facilities and troubleshoot issues with them. We also analyse this data to gain a better understanding about how our communication facilities are being used and how people are finding out about us. We also use this information for administrative purposes.
We will only use this information about you for direct marketing if you give your explicit consent.
We set out below the general categories of personal data that we may collect and process about you, the purpose for which we intend to use that data and the legal bases for that processing. In the case of any personal data that we have not obtained directly from you, we also state the source and specify the categories of personal data involved.
Usage Logs
We will automatically collect information about you as you use our computing and communication facilities.
For web-based systems, we will automatically log your Internet Protocol (IP) address, browser details, operating system, referral source, geolocation, date, time and the resources you access, amongst other usage statistics. We use this information to improve the navigation, layout and content of these facilities as well as the services we offer you. The sources of this information are the servers under our control.
We also automatically log the calls to our telephone, SMS text and facsimile systems using Calling Line Identification (CLI) data sent by our telephony providers during each incoming call or transmission. We may record the date, time and duration of any call utilising our telephony systems as well as the telephone numbers of the parties involved and how the call was handled. We may do likewise for SMS and fax transmissions. We use this information to improve our efficiency and effectiveness in dealing with calls and transmissions. The sources of this information are our telephony systems and service providers.
We also log the date, time, subject, sender and recipient details of every email and electronic message we handle as well as the IP address of those machines that our systems communicate with, together with other technical data. Other Internet based systems (such as video-conferencing and voice systems, chat services and newsgroups) also collect similar data. The sources of this information are the systems under our control.
We also automatically log any use of our computing systems (including computers, routers, switches, firewalls and wireless access points) however and wherever they are accessed, which may capture personal identifiable information. We record when people log in or out of our computing systems and track the facilities they access. We record date, time, IP and Media Access Control (MAC) addresses (as applicable) as well as other technical data relating to system use. The sources of this information are the computing facilities under our control.
We may also automatically log your use of any building access codes we may issue you with and track your use of them to enter and exit our facilities. Where we collect this information, we use it for health and safety purposes and to secure our premises. The sources of this information are the building access control systems at our facilities.
We may process any of the data that we collect for the purpose of analysing the use of our computing and communications facilities, business administration, system maintenance and troubleshooting, making backups, ensuring the security of our facilities and preventing fraud.
The legal basis for this processing is our legitimate interest in monitoring, securing, protecting and improving our computing and communication facilities.
Analytics
We may automatically collect usage data when you visit any of our web sites or use our web services, which may include your Internet Protocol (IP) address, browser details, operating system, referral source, geolocation, date, time and the resources you access, the length of your visit, how you navigated the web site as well as details about your visiting frequency and usage pattern.
We may process this data for the purpose of analysing the use of our web sites and services and to maintain backups of this information.
We gather this intelligence from Google Analytics, which relies on cookies that we seek your consent to use before processing this information. Our Cookies Statement provides greater detail.
The legal basis for this processing is your consent.
Telephone Recording
We may record telephone conversations when we receive or make calls. We will always warn the parties before we start to record a call. We will not make any recording if the parties do not all consent. We make these recordings so we have a record of the conversation that takes place.
We may process this data for the purpose of analysing how we handle calls, training our staff, compiling minutes of meetings, maintaining backups of this data, ensuring the security of our facilities, evidencing discussions and preventing fraud.
The legal bases for this processing is your consent and our legitimate interest in preventing fraud.
Professional Services
You or your organisation may provide us with your personal data in connection with the delivery of our professional services. This personal data may include your name, job title, etc), postal and email addresses, telephone and facsimile numbers, other electronic addresses, out-of-hours contact details and preferences, gender, date of birth, style of address, marital or civil partnership status and your role within your organisation. If you are an unincorporated client then these details might include your VAT number and bank details. We may process this data for the purpose of operating our facilities, delivering our professional services, keeping notes about the work we have conducted that in some way involved you, maintaining backups, ensuring the security of our facilities, preventing fraud and communicating with you.
The legal basis for this processing is our legitimate interest in providing our services to you or your organisation.
Staff
You may provide us with your personal data in connection with your application and/or employment with us as an employee or worker. This personal data may include your name, postal and email addresses, telephone and facsimile numbers, other electronic addresses, gender, style of address, date of birth, marital or civil partnership status, bank details, passport and driving licence numbers, health, professional membership or registration details, information relating to other employers, education and career history as well as conduct, payment and tax details (including national insurance number). It may also include details of criminal convictions or offences, which we will handle with greater protection than standard personal data. We may also provide you with login credentials and other identifiers for use in connection with some of our systems.
We may process this data for the purpose of assessing your suitability for any vacancy, the proper administration of our business (such as for payroll and pension purposes) and in communicating with you as well as maintaining backups.
The legal bases for this processing is our contract with you as an employee or worker and our legitimate interest in acting as an employer as well as our legal obligations as an employer.
Consultants
You may provide us with your personal data in connection with an application and/or engagement to work on our behalf either directly as a self-employed contractor yourself or as a contractor’s or sub-contractor’s employee or worker. This personal data may include your name, postal and email addresses, telephone and facsimile numbers, other electronic addresses, gender, style of address, date of birth, marital or civil partnership status, bank details, VAT number, health, professional membership or registration details, education and career history as well as conduct and payment details. It may also include any identifiers relating to your employment with our contractor. It may also include details of criminal convictions or offences, which we will handle with greater protection than standard personal data. We may also provide you with login credentials and other identifiers for use in connection with some of our systems.
We may process this data for assessing your suitability or that of your employer for any vacancy, the purpose of the proper administration of our business (such as processing your timesheets and making payments to you) and in communicating with you as well as maintaining backups.
The legal basis for this processing is our legal obligations as a business in recording such things as financial transactions between us and our legitimate interest in consuming the services that you or your organisation offer.
Next of Kin, Referee, Spouse, Civil Partner or Dependant
Your personal data may be supplied to us by someone seeking a reference or citing you as next of kin. It may also be given to us by an employee or worker who is your spouse or civil partner in connection with family matters such as parental leave or because you are dependent on them.
This personal data may include your name, postal and email addresses, telephone and facsimile numbers, other electronic addresses and your style of address. In some instances (such as parental leave), it may include your employer’s details, national insurance number and date of birth.
We will only process your data in connection with obtaining the requested reference or where you are the next of kin, spouse, civil partner or dependent and it is reasonable and appropriate.
The legal basis for this processing is our legitimate interest in seeking references for those looking to work with us and looking after the welfare of those who work for us and our legal obligations as an employer.
Visitors
You may provide us with some very basic details (typically name and organisation) when visiting any of our premises.
We may process this data for the purpose of ensuring your security and that of our premises and those working there while you are our guest. For instance, we will want to account for all those in any building that we have to evacuate in the event of an emergency.
The legal basis for this processing is our legitimate interest in keeping you and our asset and those of our client’s safe.
Equal Opportunity Monitoring
You may provide us with your personal data in connection with equal opportunity monitoring. This information will be considered strictly confidential and will be anonymised wherever possible.
We will only process this data for the purpose of monitoring the equal opportunities offered by our business as well as maintaining backups of that data.
The legal basis for this processing is your consent to process special categories of personal data about you under GDPR Article 9.2(a).
Correspondence
You or another may provide us with your personal data in any communication that we receive. These communications typically include conversations (in person or over electronic media such as a telephony service), letters, emails, texts, other messaging services, business cards, facsimile and voicemail messages. This data may include not only the actual content but also any metadata associated with it (such as its source and delivery method, address, date and time).
We may process this data for the purpose of subsequently communicating with you as part of our day-to-day business activities and for record keeping as well as maintaining backups. We may also send you occasional direct postal marketing unless you object to this. We will not use your contact details for any other form of direct marketing.
The legal basis for this processing is our legitimate interest in the proper administration of our business (using any communication service) and promoting it to you (using only postal services). If you object to our processing your data for promotional purposes then we will immediately cease.
You may provide personal information when you post material on any of our web sites or services. Your personal data may be in the text, video, audio or photographic content.
We may process this data for the purpose of enabling its publication, promoting our business and in administering, operating and maintaining our web site and services as well as maintaining backups, ensuring the security of our facilities and communicating with you.
The legal basis for this processing is your consent.
Enquiries
You may provide us with your personal data in an enquiry you make about our services. For instance, you might complete an enquiry form on our web site or leave a message on our voicemail system. This personal data typically includes your name and contact details appropriate to the medium you are using.
We may process this data for the purpose of offering, marketing and selling relevant services to you as well as maintaining backups and communicating with you. These communications may include sending you by post our annual calendar and greetings cards.
The legal basis for this processing is our legitimate interest in responding to your enquiry (using any communication service) and its promotion to you (using only postal services). If you subsequently object to our processing your data for promotional purposes then we will immediately cease.
Marketing
You may provide us with your personal data for marketing purposes because you are interested in our business and the aervices we provide.
We may invite you to sign up to our online facilities and to supply contact and profile details about yourself and your organisation at any time. For instance, we might ask you for your name, job title, contact details or your interests when you browse one of our web sites. We might also ask you for other demographic details, your preferences and interests as well as other data relevant to client surveys and/or offers when you are speaking to us.
We may process this data for the purpose of sending you marketing communications (such as emails, newsletters and text messages) as well as making telephone calls using the communication channels and preferences you indicated were acceptable. We may also process this data to provide you with access to protected resources on our computer systems (including web sites and services).
These details may include your name, login credentials for our online services, job title, organisation, postal and email addresses, telephone and facsimile numbers, other electronic addresses, gender, style of address, date of birth, marital or civil partnership status, preferences, interests, education and employment details. This information may be securely accessible by you via some of our web sites or services.
Our systems may automatically record the date and time you first registered to use any online service as well as subsequent use. They may also collect details about the IP address and browser you are using each time.
We may process this data for the purposes of direct marketing and in generally communicating with you according to your preferences. We may also process this data for the purpose of operating our computer systems, running our online services, maintaining backups, ensuring the security of our systems and preventing fraud.
The legal basis for this processing is your consent.
Postal Marketing
We may obtain personal data about you from various publicly available sources including desk research for the purpose of sending you marketing communications by post when we believe these will be of interest to your organisation (which you can ask us to stop sending at any time). We will typically be introducing our business to your organisation and seeking your consent to market our services to you using other channels that you consent to.
This personal data will usually include your name, job title, organisation, postal address and your style of address.
The legal basis for this processing is our legitimate interest in promoting our business. If you object to our processing your data for promotional purposes then we will immediately cease.
Transactions
You may provide some personal data to us when you or your organisation enter into transactions with us whether personally or through our communication facilities. This data will include your contact details as well as potentially payment method and financial details. We may process this data for the purpose of proper record keeping, maintaining backups, ensuring the security of our facilities, preventing fraud and communicating with you.
The legal basis for this processing is to perform a contract or in taking steps to enter into such a contract as well as our legitimate interests in administering our business properly.
Health and Safety
We may obtain your personal data in recording a health and safety incident. You may have been involved directly or acted as a witness. The details we obtain would typically be basic contact details and any personal details provided in narrative around the incident.
The legal basis for this processing is our obligation under law to maintain proper health and safety records.
Legal Purposes
We may process any of your personal data that we acquire to establish, exercise or defend legal claims whether made in court proceedings or otherwise.
The legal basis for this processing is our legitimate interest in protecting and asserting our, your or a third party’s legal rights.
CCTV
You may be filmed by any closed circuit television (CCTV) systems that we may use at of our facilities. We will prominently display notices at those facilities where we use CCTV.
We may process this data for the purpose of ensuring the security of our facilities, preventing crime and maintaining backups of this data. The source of this personal data will be the CCTV systems under our control.
The legal basis for this processing is our legitimate interest in monitoring, securing and protecting our assets and those of our clients and preventing crime.
Photography, Audio and Video
We may take photographs, record audio and video of you at events and in public places.
We may process these images (which may contain personal identifiable information) for the purpose of promoting our business, maintaining backups of this data, preventing crime and ensuring the security of our assets. We may make these recordings available online on our web sites or the social media platforms that we use either standalone or incorporated into other works. We may also distribute them as part of our marketing activities.
The legal basis for this processing will usually be our legitimate interest in promoting our business, protecting our assets and preventing crime. However, the legal basis may be contract if you have agreed to be a subject in these images for whatever purpose was agreed.
Other Purposes
We may process any of your personal data that we acquire where such processing is necessary to comply with our legal obligations or to protect your vital interests or those of another natural person.
Our electronic marketing (emarketing) is permission based. If you receive an electronic marketing message from us then our records indicate that (a) you have expressly shared your address for the purpose of receiving information in the future (ie: you have “opted-in”); or (b) you are a client or otherwise have an existing relationship with us. We respect your time and attention by controlling the frequency of our mailings and calls. We also do not use any form of web beacon in our marketing messages. Electronic marketing includes any form of marketing using electronic communication such as email, fax or SMS text.
If you believe you have received an unwanted, unsolicited electronic message from us then please contact us. If the message was received by email then please forward a copy of that email with your comments to info@bhandl.co.uk for review.
We will not share the details you provide to us or we collect about you with any other party without your express consent, except with those who work directly for or on our behalf and who agree to uphold your confidentiality; our professional advisers; agents acting on our behalf; our subsidiaries, our ultimate holding company and all its subsidiaries (where applicable); or with those agencies that we are legally obliged to do so or to protect your vital interests or those of another natural person.
For instance, we may disclose your personal data to our accountants, lawyers, insurers and other professional advisers as is reasonably necessary for the purpose of receiving accounting advice, managing legal disputes, obtaining insurance and other professional advice. We may also provide such personal data as is necessary to our contractors and sub-contractors engaged in discharging our professional services to you or your organisation. We may also share your personal data with payment service providers only to the extent that they can process payments, arrange refunds, investigate complaints and deal with other such reasonable enquiries.
We will keep your personal details within the European Economic Area and will not transfer them to any other country except with your prior and express consent.
However, please understand that any information you provide to us over the Internet can be routed outside the European Economic Area as it passes between you and our computers. This is intrinsic to the way the Internet works and is beyond our control. We cannot prevent the use or abuse of personal data by others in this circumstance.
We have information retention policies and procedures in place that are designed to ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
We will not keep personal data longer than is necessary for the purpose or purposes for which it was collected. However, we may retain your personal data in order to comply with our legal obligations or to protect your vital interests or those of another natural person.
Subject to any other notices that we may provide to you, we may retain your personal data for a period of six years after your association with us has come to an end. However, some information may be retained longer or even indefinitely by us in order to maintain records for archiving and administrative purposes as well as to establish, exercise or defend legal claims. For instance, we keep the records of senior appointments within the Company indefinitely in accordance with best practice. We may also keep pension records for twelve years after any benefits under them cease. We keep personal data held in connection with health and safety for forty years after they ceased to be actively used. We keep staff medical records for fifty years. We keep meeting records (which may contain some personal data) indefinitely. We also retain personal data held in connection with client assignments we conduct for at least six years after the last activity in accordance with the Limitation Act 1980.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us. You may also object to any direct marketing we may send to you by post, which we will immediately cease sending.
You may request details of the personal information that we hold about you under data protection legislation. If you would like a copy of the information held on you then please write to or email us:-
Bearnes Hampton & Littlewood Ltd
St Edmund's Court
Okehampton Street
Exeter
Devon
EX4 1DU
EMail: info@bhandl.co.uk
We will not charge for supplying this information. However, we may charge a reasonable fee to cover our administrative costs if you request subsequent copies. We will supply this information without undue delay and usually within one calendar month of your request unless we notify you of extenuating circumstances within that period. We then have three months to respond under the data protection legislation. We may refuse to supply the information if your request is excessive or manifestly unfounded, in which case we will advise you how we have reached this conclusion.
We must take reasonable steps to verify your identity if you make a request before we supply any personal data.
Where you make the request by electronic means and do not request otherwise, we will provide the information in a commonly used electronic form.
If you believe that any information we are holding about you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
Bearnes Hampton & Littlewood Ltd is registered with the Information Commissioner in the United Kingdom as a data controller under number Z186392X
We have broadly summarised the rights that you have under data protection legislation in the section below.
Please contact us if you wish to exercise any of these rights.
Right to Access
You have the right to be told by us whether we are processing your personal data. If we are processing your personal data, you have the right to access that data along with additional information that includes the purposes of the processing; the categories of the personal data concerned and the recipients or categories of recipients to whom the personal data has or will be disclosed.
We will provide you with a copy of your personal data provided that the rights and freedoms of others are not affected within one calendar month of your request.
The first copy will be provided without any charge but additional copies may be subject to a reasonable fee.
Where you make the request by electronic means and do not request otherwise, we will provide the information in a commonly used electronic form.
Right to Rectification
You have the right for any inaccurate personal data to be corrected without undue delay and, taking into account the purposes of the processing, to have any incomplete personal data completed.
Right to Erasure
You have the right to the erasure of your personal data without undue delay in certain circumstances, which include when the personal data is no longer necessary in relation to the purpose for which it was collected or otherwise processed; you withdraw consent to consent-based processing where there is no other legal basis for processing; the processing is for direct marketing purposes; and the personal data has been processed unlawfully.
However, there are some exclusions to this right including where the processing is necessary in order to exercise the right to freedom of expression and information; for compliance with legal obligations or in order to exercise or defend legal claims.
Right to Restrict Processing
You have the right to restrict the processing of your personal data in certain circumstances. This includes situations where you contest the accuracy of your personal data; processing is unlawful but you oppose erasure; we no longer require your personal data but you require it to exercise or defend legal claims; and you have objected to processing pending verification of whose interests should prevail in that objection.
Where you successfully exercise this right, we may continue to store your personal data. We will only then process it with your consent; in establishing, exercising or defending legal claims; in protecting the rights of another natural or legal person; or for reasons of public interest.
Right to Object to Processing
You have the right to object to the processing of your personal data on grounds relating to your own particular situation.
We will not process your personal data in the event you object unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms or the processing is to establish, exercise or defend legal claims.
You have the right to object to the processing of your personal data for direct marketing purposes including any profiling that relates to direct marketing.
We will cease processing your personal data for direct marketing if you object.
You also have the right to object to our processing of your personal data for scientific or historical research or statistical purposes unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format to the extent that our processing of your personal data is based on consent or a contract and the processing is carried out by automated means. You have the right to transmit your personal data to another controller without hindrance from us to the same extent.
Furthermore, in exercising this right, you have the additional right that your personal data be directly transmitted to another data controller where this is technically feasible.
However, the exercise of any right is subject to not adversely affecting the rights and freedoms of others.
Right to Complain to a Supervisory Authority
You have the right to complain about our processing of your personal data if you believe it infringes data protection legislation to a supervisory authority responsible for data protection in the EU state in which you habitually reside, work or where the alleged infringement occurred.
Right to Withdraw Consent
You have the right to withdraw your consent at any time to any processing that we conduct where the legitimate basis is consent, although the withdrawal of such consent will not affect the lawfulness of any processing executed before the right was exercised.
We do not use any automatic decision-making.
We are committed to the security of your personal information. We have procedures in place to protect against the loss, misuse or alteration of your information under our control.
Our web sites and emarketing messages may contain links to web sites of interest outside of our control. However, once you have used these links to leave any of our sites then you should understand that we do not have any control over these other web sites. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to each web site in question.
You can contact the Information Commissioner’s Office in the United Kingdom using the details below:-
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: (0303) 123 1113
Web: www.ico.org.uk
If you would like further information about this privacy statement or any aspect of how we handle your personal data then please do not hesitate to contact us.