Privacy Policy

PLEASE READ THE TERMS OF THIS POLICY CAREFULLY BEFORE USING THE SITE

Who are we?

We are Hemsley Fraser Group Limited, a learning and development provider predominantly serving the business-to-business market.

We are registered in England and Wales No: 02638042.

Our VAT registration number is GB 777 3270 03.

Our data protection registration number is Z5610077.

How can we be contacted?

Our registered address is St James Court, 74-94 Fore Street, Saltash, PL12 6JW.

We have appointed a data privacy manager to oversee compliance with this Privacy Policy.  If you have any questions concerning this policy, personal information that we hold on you, or you would like to change your personal information or make a complaint please contact them directly at compliance@hemsleyfraser.co.uk

1. By using our site you accept these terms

Your access to and use of this website, learner portals or Digital Hub(s) is subject to the terms of this policy, our Terms and Conditions and any other legal notices and statements contained on this website.  By using this website, learner portals or Digital Hub(s), you agree to be subject to the following terms. If you do not agree to them, please do not use our sites.  You should keep a copy of these terms for reference.

2. What terms will apply to you?

This Privacy Policy should be read with the following important documents as they will all apply to you. You’ll find each document by clicking on the link below:

2.1. Our Website Terms of Use.

2.2. This Privacy Policy.

2.3. Our Cookies Policy.

2.4. Our Terms and Conditions.

3. Why do we have a Privacy Policy?

We are committed to protecting and respecting your privacy.  We are also required to ensure we are compliant with all Data Protection law.  This includes the European General Data Protection Regulation ((EU) 2016/679) (GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SIC426.2003) as well as any laws implemented, added to or replacing those pieces of legislation.

4. This policy and our terms and conditions guide how we use personal information that you give to us.

5. By using this website or our Digital Hub, you are telling us that you agree to the terms of this policy.

6. Our Privacy Policy will be reviewed and may change.  By continuing to use our website you agree that you accept any changes that we make.  Any information we hold will be governed by our most recent Privacy Policy.

7. What Personal Information do we collect and how do we use it?

7.1. Hemsley Fraser collects certain personal information to be able to offer its range of courses and services to you. We obtain information about you when you use our website, our Digital Hub, make enquiries for, or purchase our products or services or information that is gathered from publically available sources such as websites or Linkedin.

7.2. We will collect personal information from you when you use this website (for example when you register as a user, browse, fill in a form, use the web chat feature, when using our Digital Hub or when you contact us by phone, e-mail and other means.

7.3 Additionally, we source personalised information directly from list owners who offer GDPR compliant data on decision-makers in companies we would like to approach in order to promote our products and services. 

8. The information we will collect includes:

We collect personal information on customers, enquirers, prospects, suppliers, contractors, consultants, agents, partners, associates, employees and job applicants

8.1. Information that is given when subscribing for or booking our courses and services, posting material or inquiring about or requesting further courses and services;

8.2. information when you report a problem with our website;

8.3. your name, address, telephone numbers, email addresses and other contact information, your job title, preferences, interests, financial information such as credit card details, areas of the website used and visited, areas of the Digital Hub used and visited, details of your or your organisation’s training needs, training events you have previously expressed interest in or attended and links to and from third-party websites. On occasion, we will have a need to collect personal sensitive information including but not limited to religion and health so as to enable us to perform a specific purpose;

8.4. information automatically collected when you use our website including:

8.4.1. technical information such as your IP address, your login information, browser type and plug-ins, time zone setting, operating system and platform;

8.4.2. information about your visit, including the full URLs, clickstream to, through and from our site (including date and time), products, events, courses and services you have viewed and searched for, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number.

8.5 Each time you use your LinkedIn credentials to log in to the Services the following personal data is collected by us: your name, email address and profile picture. Your user credentials are used to authenticate your access to the Services and to track your usage of the Services.

8.6. We may also need to collect and maintain information from external sources such as credit reference and identity verification agencies. We will tell you when we receive information from them and how we will use it.

8.7. Any information that you give to us by volunteering to take part in occasional surveys for marketing or research purposes.

9. How will we use your information?

All personal data is processed and stored securely, for no longer than is necessary in light of the reasons for which it was first collected. Our use of your personal data will always have a lawful basis, either because it is necessary for the performance of a contract with you because you have explicitly consented to our use of your personal data or because it is in our legitimate interests.

9.1 With regard to the former, this accounts for data types such as customers, enquirers, prospects, suppliers, contractors, consultants, agents, partners, associates, employees and job applicants.

9.2 If you have provided your explicit consent we will communicate with you about relevant information and opportunities relating to courses and services which we think may be of interest to you. You have the right to withdraw your consent at any time (see paragraph 16).  To do so please contact compliance@hemsleyfraser.co.uk.

9.3 We may also use your data for direct marketing purposes which may include contacting you by email and/or telephone and/or text and/or post with information, news and offers on our products and/or services. We will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

9.4 In respect of the legal grounds of legitimate interest, G.D.P.R. deems that the processing of personal data for direct marketing purposes ‘may’ be regarded as carried out for a legitimate interest.

9.4.1 We have a legitimate interest in retaining and processing personal data via direct marketing to prospects via email and/or telephone and/or text and/or by mail who have a potential need for our products and services. Personal data may have been acquired indirectly through list owners who offer G.D.P.R. compliant commercial databases or directly from publically available sources.

9.4.2 All direct marketing communications are subject to being of a business to business nature, being professionally relevant to the function and roles of the data subjects and being inclusive of an easy option to opt-out from our communications at any point in time. The opt-out process can be achieved by post, email or telephone or by simply unsubscribing using the link in our emails. You will then be suppressed immediately from any future communications based on your specific preferences. Please however be aware that we will still need to retain basic information concerning the suppression so as ensure that the data subject is not sourced via alternative means and then subsequently re-entered back into our database.

9.4.3 We do not keep your personal data for any longer than is necessary for the reasons described below. In the case of prospect data, data will be retained for up to a maximum of 12 months.

9.4.4 We would never seek to process personal information in a way that a data subject would deem unreasonable, inappropriate, harmful, intrusive, giving rise to distress or be seen as an invasion of privacy. To that end, we have conducted a Legitimate Interest Assessment to ensure that our reliance on Legitimate Interest as a legal grounds for conducting direct marketing is proportionate and won’t ever override the privacy rights and fundamental freedoms of data subjects. A copy of our Legitimate Interest Assessment is available on request. 

9.5 Specifically, Hemsley Fraser will use your information for the following purposes:

9.5.1. to open and maintain your client and/or learner account/s with us;

9.5.2. to confirm your identity;

9.5.3 to process payments;

9.5.4. to ensure that website content is properly and effectively displayed;

9.5.5. to provide you with information on courses, products or services that you request from us or which may be of interest to you;

9.5.6 to manage your client and/or learner portal and the Digital Hub

9.5.7. to audit the usage of our website including:

9.5.7.1. to administer our website for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

9.5.7.2. to improve our site to ensure that content is presented in the most effective manner;

9.5.7.3. to allow you to participate in interactive features of our service including the webchat feature;

9.5.7.4. as part of our efforts to keep our site safe and secure;

9.5.7.5. to measure the effectiveness of advertising and to deliver relevant advertising to you;

9.5.7.6. to make suggestions and recommendations to you and other users of our site about courses, events, products or services;

9.5.7.7. to enable us to provide you with the courses and services that you have requested from us and to perform our legal obligations to you;

9.5.7.8. for training purposes, quality assurance or to record details about the courses and services you order from us;

9.5.7.9. to satisfy and meet our legal and regulatory requirements;

9.5.7.10. to allow you to participate in interactive features of our services when you choose to do so; and

9.5.7.11. to notify you about changes to our courses and services.

10. Disclosure of Information

10.1 We may disclose your personal information to the following people (who may be within or outside the European Economic Area) to answer your enquiries, to perform and administer the contract we enter into with you in accordance with our Terms and Conditions and to process payments:

10.1.1. our associated companies including any member of the Hemsley Fraser group of companies which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;

10.1.2. our third-party service providers, sub-contractors, suppliers and professional advisors including but not limited to; payment processing, search engine optimisation, web analytics and marketing services such as email marketing or outbound telemarketing.

10.1.3. credit agencies;

10.1.4. successors in title to our business. Any new controlling party will only be permitted to use the data for the exact same purposes for which it was originally collected;

10.1.5. any organisation or person expressly instructed by you;

10.1.6. any relevant regulatory, governmental or law enforcement authority as required by law;

10.1.7. third parties necessary to provide the courses and services requested by you or necessary to protect the rights, property, or safety of our other clients, our employees, agents, consultants, sub-contractors or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;

10.1.8. advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in postcode SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience.

10.2. We will work to ensure that any transfer outside the European Economic Area is lawful and that appropriate security arrangements apply.

10.3. In order to transfer personal information to third parties in territories that do not yet retain adequate privacy laws, we will look to enter into agreements with the parties to whom we may there transfer your personal information ensuring appropriate and suitable safeguards that would be accepted as adequate within the European Economic Area.

10.4. We require that organisations outside of our group of companies who handle or obtain personal information as service providers adhere to Data Protection Agreements and acknowledge the confidentiality of this information, undertake to respect any individual’s right to privacy and comply with all Data Protection Legislation and this policy

11. Security of Information

11.1. We take the safeguarding of your data very seriously. All personal information in our possession is held securely. We have put in place appropriate technical and organisational security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

11.2. All information you provide to us is stored on secure servers and payment transactions will be encrypted. In accordance with our Website Terms of Use, where we have given you (or where you have chosen) a username and password which enables you to access certain parts of our site, you must keep this information safe. We ask you not to share a password with anyone.

11.3. We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from compliance@hemsleyfraser.co.uk

11.4. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

12. Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and up to date.  Please keep us informed if your personal information changes during your relationship with us.

13. Data Retention

13.1 We are legally required to hold some types of information to fulfil our statutory obligations.

13.2. We will only retain your personal information for as long as we need to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.  To decide the appropriate retention period for your personal data, we consider the amount of it we hold and it’s nature, and sensitivity, as well as the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.  We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us. We will comply with our obligations as a Data Controller and safeguard your rights under GDPR and the Privacy and Electronic Communication (EC Directive) Regulations 2003.

13.3. In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a client of Hemsley Fraser we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

14. Your rights of access, correction, erasure, and restriction

14.1. Under certain circumstances, the law sets out that you have the right to:

14.1.1. Be informed about our collection, use and storage of personal information

14.1.2 Request access to your personal information (commonly known as a "data subject access request"). This allows you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

14.1.3. Request correction of the personal information that we hold about you. This allows you to have any incomplete or inaccurate information we hold about you corrected.

14.1.4. Request erasure of your personal information. This allows you to ask us to delete or remove personal information where there is no good reason for us continuing to process it and add you to a suppression file for future direct marketing approaches. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

14.1.5. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are improperly processing your personal information for direct marketing purposes.

14.1.6. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.

14.1.7. Request the transfer of your personal information to another party. 

14.2. No fee usually required

Unless we feel your request is excessive or unfounded we will not charge a fee for you to access your personal information (or to exercise any of the other rights).  We do not conduct any form of profiling or automated decision making. Neither do we collect, process or store information on children under the age of 16. Children are therefore expressly prohibited from using this website. We can not be held accountable for links to other unconnected websites. Data subjects are therefore advised to check the privacy policy of any such website prior to providing any personal information.

15. What we may need from you

To ensure that your personal information is never put into the hands of someone who has no right to it, we may ask you for information to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).

16. Right to withdraw consent

If you have consented to us collecting, processing and transferring your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.  To do this, please contact compliance@hemsleyfraser.co.uk. Please be aware that if you withdraw your consent we may no longer be able to provide you with services.

17. Questions, Comments and Complaints

We have appointed a data privacy manager to oversee compliance with this Privacy Policy.  If you have any questions concerning this policy, personal information that we hold on you, or you would like to change your personal information or make a complaint please contact them directly at compliance@hemsleyfraser.co.uk.

If we cannot fully resolve your complaint, you have the right to make a complaint to the Information Commissioner's Office (ICO), at https://ico.org.uk/. The ICO is the UK supervisory authority for data protection issues.  Our ICO registration number is Z5610077.

18. How we collect your data during website use

Personal Information may be submitted on our website in two areas:

18.1. Public Area

If you provide your name and address on the public area of our website in order to request information about our courses and services, you may voluntarily provide additional personal information. You will also be asked to provide your personal information in this area for the purposes of registering with us and opening an account with us.

18.2. Private Area – the client learner portal and the Digital Hub

If you are already one of our clients, have registered on our website and/or are using the client portal or Digital Hub, you must use a password to enter our website.  A “session cookie” is used to enable you to leave and re-enter our website without re-entering your password.  Our web server will record the pages you visit within our website or Digital Hub.  To ensure a good quality of service we may monitor and record any communication you have with us whether in writing, by phone or by e-mail.  E-mail is not encrypted to/from either the public or private areas of this website.

Last updated: 20/04/20