WoolfHodson Ltd. Privacy Notice
1. Who we are and how to contact us
We are WoolfHodson Ltd, a company registered in England and Wales with Company Number 10426361, whose registered address is at Inglewood, Northern Heights, Bourne End, Buckinghamshire, SL8 5LE, United Kingdom.
Our contact details are:
Tel: +44 777 0601 578
Correspondence address: Pinewood, Chineham Business park, Crockford Lane, Basingstoke, Hampshire RG24 8AL
Any queries about this Privacy Notice or questions about our processing of personal data should be addressed to personaldata@WoolfHodson.com
2. Why we process personal information as a data controller
WoolfHodson Ltd collects and processes contact information for our own business requirements including:
a) contact information for our clients’ representatives. We process and use this data both for communicating with clients about the ongoing service that we provide and to inform them of any of our other services which we believe our clients would find of interest.
b) contact information for representatives of businesses for whom we do not currently provide a contracted service, but who we believe would benefit from learning about our services.
We may contact representatives of our clients or prospective clients in their capacity as an officer or employee of that business.
The basis on which we process such personal data is as follows:
• Contractual obligation – in order to fulfil our contractual obligations under a statement of work we may communicate with company officers, employees, consultants or contractors (in their capacity as advisors to a business with whom we are contracted to provide a service)
• Consent – where a person has freely given their consent to receive specified marketing information from us.
• Legitimate Interest – where we process limited contact information about officers or employees of, or consultants or contractors in their capacity as advisers to a business with whom we would like to develop a contractual relationship and who we assess may benefit from learning about our company and our services. Where we process personal data on this basis, we assess the processing of such personal data to determine the source, relevance and duration of processing and we limit the duration of such processing in line with our retention schedule. Please refer to Section 8 of this document further information.
Where a recipient indicates that they wish us to stop or curtail marketing communications to them, we will always respect their wishes.
3. Categories of personal data that we process
As we only offer services to businesses and are not involved in providing services direct to individuals in their private capacity, we do not knowingly process personal data about persons in their private life.
We class personal data that we process about officers, employees or consultants or contractors to a business, as ‘business card’ data. Such data will usually include:
• Name, title, role, company name, contact details including telephone, email and physical address.
We do not intentionally or knowingly process any ‘Special Category’ personal data or data about children.
4. How we source your personal data
We collect personal data through a number of routes:
• through direct interaction with either the data subject (e.g. an individual providing us with their contact details) or via the business for which they work as a result of normal business practice. This may include periods prior to, during and following the fulfilment of a contracted statement of work.
• through completion of an online form or follow up by a data subject to a piece of WoolfHodson-created content which may be placed on our website or shared through other social networks.
• through publicly available sources; for instance, we may collect and process personal data on individuals who we notice have publicly expressed a business interest in the type of services we offer, but with whom we have no prior relationship
• through 3rd parties who have sourced personal business contact data in compliance with data sourcing and consent rules set out in the GDPR
5. Uses made of your information
WoolfHodson utilises the data that it collects to:
a. Communicate with client stakeholders in order to deliver contracted services
b. Communicate with prospects following a verbal or online request for information
c. distribute marketing emails, specifically relevant to the organisation for which an individual works.
6. Sharing your personal information
In the normal course of our business we use standard business management applications such as Customer Relationship Management (CRM), document, file management systems, workflow tools and standard financial management and accounting tools. Some of these are cloud based and
therefore all data held on such systems are effectively ‘shared’ with the provider of these services. However, the data remains under WoolfHodson control and all providers are subject to the GDPR. If you would like more detail on our business applications, please contact us at personaldata@WoolfHodson.com
WoolfHodson does not share personal data with 3rd parties for their use without the specific consent of the data subject. If you believe your privacy has been breached in this way please contact us at personaldata@WoolfHodson.com
7. Personal data transfer overseas and safeguards
Our policy on personal data being transferred overseas and the safeguards that we take will be available in due course – please contact personaldata@WoolfHodson.com for further information.
8. Our personal data retention periods
We have no interest in retaining personal data longer than is necessary or relevant. Our retention policy reflects this attitude. Should you wish to access our full data retention schedule please contact personaldata@WoolfHodson.com
We process personal data in respect of client businesses as mentioned in section 2 above for the duration of the contract to fulfil our contractual obligations and for a further period of up to 2 years after the contract has ceased. Where a client’s representative leaves their role within that business, we will seek to replace their contact details with their updated contact details as soon as we are able.
Where personal contact information relating to an officer, employee, consultant or contractor of the client becomes out of date, we require that our client provide replacement contact information.
We process contact personal data in respect of prospective clients as mentioned in section 2 above for a maximum of 2 years either from the point of origination in our systems or if relevant, from the last known response activity from or by the contact. If at any stage the contact requests that we stop or limit marketing communications, we will always respect their right to do so and will stop or restrict our communications to them in accordance with their wishes.
Client provisioned data
From time to time our clients provide us with a segment of their data for use within their marketing campaigns. This data will be used purely for the purposes requested by the client and will be covered within the SoW / Contract. We will keep this data for a total period of 6 weeks, held on a secure FTP site, after which this will be deleted. Should this data be provided via any other mechanism i.e. email, it will be immediately deleted from local machines and the client informed that they are in breach of our privacy and security policies.
9. Your data protection rights
For UK and EU residents, data protection law provides you with several important rights, the most important of which are simply summarised below. WoolfHodson go further though, because we believe that the EU General Data Protection Regulations (known as GDPR) provide the very
highest standards of data protection to be found globally, so we adopt and hold ourselves accountable to honour these rights worldwide, irrespective of where you are resident. If you would like more detailed information about all of your legal rights as a resident of the EEA, you may wish to consider visiting https://ico.org.uk/ or reviewing the GDPR regulations at https://www.eugdpr.org/the-regulation.html
A simple summary of some of your most important EU GDPR data subject rights are provided below:
Right to be informed
We are required to issue what is otherwise known as a Privacy Notice of which this document is an example, so that you know who we are, how to
contact us, what categories of personal information we process and on what legal basis this processing is undertaken
Right to access
Otherwise known as a Data Subject Access Request or DSAR, which gives you the right to request that we provide you with all personal data
that we process relating to you, the data subject
Right to object or restrict
This right allows you to require us to stop further processing activities until we have for example, resolved a query or complaint from you, which
might be about the accuracy or legitimacy of the personal data that we are processing about you
Right to rectification
This right provides for you to require us to correct information that we hold about you. In practice, we will be only too glad to do so as we wish
our marketing communications to address your correctly
Right to erasure
This is a more limited right, that provides for you to request that we erase your personal data from our processing systems. We will always seek to
satisfy such as request, subject to our ability to honour our contractual and legal obligations
Note: these are simple summaries. You should consult the ICO or take independent legal advice should you required a more detailed understanding of your rights under UK and EU data protection laws.
10. Business change
If we undergo a group reorganisation or are sold to a third party, the personal information that we process may be transferred within the reorganised group or to the third party, in either case your personal data will continue to be processed in accordance with this Privacy Notice.
11. Our data protection supervisory authority and raising a concern
We are a UK based business, so for data protection matters, the Information Commissioner’s Office (ICO) is our data protection supervisory authority. The ICO publish excellent guidance for data subjects, so we recommend that you go to their site to learn more about your rights. The URL for their site is: https://ico.org.uk/
Should you at any time wish to raise a concern about how we process your personal data, please contact us, using the contact details set out in section 1 above. We care about respecting your rights, so we will do our very best to handle your concern in a fair and timely manner.
In the unlikely event that we are not able to satisfy your concern, you may raise your concern with the ICO as our data protection supervisory authority. The ICO provide excellent guidance on raising concerns and on how to do so with them. A link to the relevant section of the ICO website
12. Automated decision making and profiling
We do not undertake any form of automated decision making or profiling of contacts whose personal data we process. This is because our business focus is the entities to whom we seek to establish a commercial relationship or to satisfy a contract. We process contact information about officers, employees, contractors or consultants of entity, only as necessary to provide service or business development communications.
Author: Alexandra Hall
Date of Creation: 21/05/2018
Date of Latest Amends: 24/05/2018