Hugh Hickman and Son
GDPR data protection privacy notice ‐ clients and prospective clients
This notice explains what personal data (information) we hold about you, how we collect it and how we use and may share information about you during your relationship with Hugh Hickman and Son and after it ends. We are required to notify you of this information under data protection legislation. Please ensure that you read this notice and any other similar notice we may provide to you from time to time when we collect or process personal information about you.
Who collects the information
Hugh Hickman and Son is a ‘data controller’ and gathers and uses certain information about you. Our contact details are given below.
About the information we collect and hold
The information we might collect from you includes your name, age, address, email address, telephone numbers, date of birth, national insurance number, tax reference number, details of your bank or building society, information verifying your identity (eg copy passport or driving licence and utility bills).
Where information may be held
Information may be held at our offices and those of third party agencies, service providers, representatives and agents. We do not transfer or process data outside the UK. We have security measures in place to seek to ensure that there is appropriate security for information we hold.
How the information is collected
Usually we collect the information from you when we ask for it. Occasionally we may obtain your information from publicly available sources such as the phonebook or the electoral roll, online resources or from third parties who hold such information and are permitted to share it with us.
Why the information is being collected
The information is collected so that we can:
- enter into and perform the contract to provide our services to you
- maintain client records and good client practice and comply with our legal obligations (such as those imposed by anti-money laundering regulations)
How the information will be used
The information will be used:
- to enter into and perform the contract to provide our services to you
- to write to you from time to time in respect of matters that may be of interest to you
- to comply with our legal obligations (for example, to demonstrate to regulatory authorities that we are complying with obligations imposed by anti-money laundering regulations)
Who the information will be shared with
We will not normally share your information with third parties without your consent save in the performance of the contract to provide our services to you or to the extent that we are required to do so by law (for example, to demonstrate to regulatory authorities that we are complying with obligations imposed by anti-money laundering legislation).
We may also share information with our external contractors, our professional advisers, The recipient of the information in these circumstances will be bound by confidentiality obligations.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.
For how long the information will be kept
We keep your information during and after your relationship with Hugh Hickman & Son for no longer than is necessary for the purposes for which the personal information is processed.
Your rights to correct and access your information and to ask for it to be erased
Please contact our Data Protection Officer (DPO) by email at firstname.lastname@example.org or by telephone 023 9246 3008 if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice. You also have the right to ask our DPO for some but not all of the information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances. Our DPO will provide you with further information about the right to be forgotten, if you ask for it.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that our DPO can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner on their website or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.