Hepapi services clients nationally and internationally. We are committed to managing personal information in accordance with relevant local privacy and data protection laws which apply which include the General Data Protection Regulation (EU) 2016/679 (GDPR) and other local applicable privacy laws.
Other terms may also apply to you and the information we hold about you. For example, if you are employed with us you will have specific privacy terms in your employment contract with us.
The Information collect about you
For our current client base ; prospective customers and other business partners
We will collect information about:
We generally deal directly with our customers (see above). When your organisation enquires about our products or services or when your organisation becomes our customer, or we otherwise do business with you (because you attend an event we host, work for one of our suppliers, or other business partners), a record is made which may include your personal information.
The type of personal information that we collect will vary depending on the circumstances of collection and the purpose for which we are dealing with you, but will typically include:
You can always decline to provide any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested, or we may not be able to do business with you effectively. If you have any concerns about personal information we have requested, please let us know.
The way in which we handle the personal information of visitors to our websites is discussed below.
How and why we collect and use your personal information
We collect personal information reasonably necessary to carry out our business, to assess and manage our customer’s needs, and to provide products and services. We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you and/or third parties and managing customer and other business relationships.
The purposes for which we usually collect and use personal information depends on the nature of your interaction with us, but may include:
We generally collect personal information directly from you. We may collect and update your personal information over the phone, by email, over the internet or social media, or in person. We may also collect personal information about you from other sources, for example:
We also collect and use personal information for market research purposes and to innovate our delivery of products and services.
We have a legitimate interest in using your information in the ways listed above. In some cases, it will be lawful for us to collect and use your personal information, for example where it is necessary as part of our, or a third party’s, statutory or public functions or because the law permits or requires us to.
How do we interact with you online?
How do we hold information?
We store information in electronic record keeping methods in secure databases or paper-based files. Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed) as per our data retention policy).
We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.
How long will your personal information be kept?
We take steps to destroy or de-identify information that we no longer require or as required by an applicable law.
Do we use or disclose your personal information for direct marketing?
We have a legitimate interest in processing your personal information for promotional purposes and we may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you or as otherwise permitted under applicable privacy laws.
This means under certain privacy laws we do not usually need your consent to send you marketing communications such as our newsletter. However, where consent is required under applicable privacy laws, we will ask for this consent separately and clearly. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below or using the opt-out functionality contained in the electronic message.
If you opt-out of receiving marketing material from us, we may still contact you in relation to its ongoing relationship with you.
How do we use and disclose personal information?
The purposes for which we may use and disclose your personal information will depend on the reason we are interacting with you. For example, if you have engaged us to deliver our products and services to your organisation, we may disclose information about you to our service providers where required to provide your organisation with the relevant products and services.
We may disclose information to third parties we engage in order to provide our services, including contractors and service providers used for logistical services, data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, and market research.
Third parties to whom we have disclosed your personal information may contact you directly to let you know they have collected your personal information and to give you information about their privacy policies.
If the GDPR applies to you, you have the following additional and specific rights in relation to your personal information (where applicable):
If you have consented to our processing of your personal information, you have the right to withdraw, at any time, any consent that you have previously given to us for use of your personal information. In certain circumstances even if you withdraw your consent, we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.
To make a request to exercise any of these rights (where applicable) in relation to your personal information, please contact us using the contact details below.
How can you access or see correction of your personal information?
You are entitled to access your personal information held by us on request. To request access to your personal information please contact our HR Compliance Officer using the contact details set out below.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information, we hold about you and letting us know if your personal details change.
However, if you consider any personal information, we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.
We may decline your request to access or correct your personal information in certain circumstances in accordance with GDPR. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
What should you do if you have a complaint about the handling of your personal information?
You may make a complaint about privacy to the HR Compliance Officer at the contact details set out below.
The HR Compliance Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week
If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint, or you consider that we may have breached the General Data Protection Regulation 2016/679, a complaint may be made to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or call their helpline number: 0303 123 1113 (local rate) or 01625 545 745
If you are outside of the United Kingdom, you may wish to take your complaint up with the local data protection authority in your jurisdiction.