Privacy Policy

Privacy Statement

At Haslers Business Services LLP and its associated businesses (referred to as “we,” “us,” or “our”), we are committed to safeguarding and respecting the personal data we hold. Depending on the circumstances, we may engage other companies or firms associated with us to provide certain services. This privacy statement outlines why and how we collect and use personal data, as well as provides information about individuals’ rights. It applies to personal data provided directly by individuals or on their behalf by others. Please read the following carefully to understand our practices regarding your personal data and how we handle it.

Contact Details
Data Controller: Haslers Business Services LLP
Address: Old Station Road, Loughton, Essex IG10 4PL
Email: advice@haslers.com
Website: www.haslers.com
Purpose and Collection of Personal Data: We process personal data for various purposes, including service provision, legal compliance, and respecting individual rights.

The specific means of collection, lawful basis for processing, use, disclosure, and retention periods vary based on each purpose (detailed in relevant sections below).

Third-Party Data and Automatic Collection:

When we receive personal data from third parties related to an individual, we ensure that the necessary information about data use is communicated.

Additionally, we automatically collect information (such as IP addresses, previous page visits, and usage data) when you visit our website or use our services.

PERSONAL DATA
In accordance with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (the Act), and the General Data Protection Regulation (Regulation (EU) 2016/679) (EU GDPR), personal data refers to “any information relating to an identified or identifiable natural person (data subject).” This information can be linked to an identifier such as a name, identification number, location data, online identifier, or specific factors related to the individual’s physical, physiological, genetic, mental, economic, cultural, or social identity.

THE DATA CONTROLLER
A data controller is an individual or legal entity responsible for managing and utilising personal data stored in either paper or electronic files. Haslers Business Services LLP serves as the data controller, as defined by applicable data protection laws and regulations.

Legal Bases for Processing Personal Data

Under the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (the Act), and the General Data Protection Regulation (Regulation (EU) 2016/679) (EU GDPR), personal data processing must align with specific legal bases. At least one of the following conditions must apply whenever personal data is processed:

Consent (Article 6(a)): You have freely, specifically, and unambiguously given consent for your personal data to be processed for a specific purpose.

Contract Performance (Article 6(b)): Processing is necessary for fulfilling a contract you have with Haslers. This includes situations where specific steps are required before entering into a contract.

Compliance with Legal Obligations (Article 6©): Processing is necessary for Haslers to meet legal requirements related to tax, social security obligations, and employment law (excluding contractual obligations).

Protection of Vital Interests (Article 6(d)): Processing is crucial for an individual’s survival.

Public Interest (Article 6(e)): Processing is necessary for Haslers to perform tasks in the public interest or related to official functions, with a clear legal basis.

Legitimate Interests (Article 6(f)): Processing is necessary for Haslers’ legitimate interests or those of a third party, unless there are compelling reasons to protect the individual’s personal data that override these interests.

DATA RIGHTS
Your data subject rights are listed below:

• the right of access;
• the right to rectification;
• the right to erasure or right to be forgotten;
• the right to restriction of processing;
• the right to be informed;
• the right to data portability;
• the right to object; and right not to be subject to a decision based solely on automated processing.
• Under the UK GDPR and the Act, you may ask for a copy of the information we hold about you and you may request rectifications be made to this information if it is inaccurate or not up to date.

To exercise any of the above writes, please write to:

Data Controller
Haslers Business Services LLP
OId Station Road

Loughton
Essex IG10 4PL

Email: advice@haslers.com

DATA THAT WE HOLD

Professional Services
We offer services to both individuals and various organisations, including businesses and non-profit making organisations. The specific data we hold depends on the nature of the services we provide.

When engaging with clients for professional services, we may collect and process personal data to fulfil contractual obligations. We kindly request that clients only provide necessary personal information required for us to meet our contractual commitments.

Our data processing serves several purposes:

1. Providing Services to Clients: We process data to deliver the services outlined in our engagement letter with clients. Occasionally, additional details may be clarified in written documentation before any data processing occurs.
2. Client Management: To effectively address client needs, we process personal data during communication and assessment. This ensures that the right combination of services is tailored to each client.
3. Administration: Managing our business and services involves collecting and processing personal data. This includes maintaining internal records, managing client relationships, hosting events, administering client-facing applications, and overseeing internal operational processes.
4. Regulatory Compliance: In the course of providing professional services, we may collect and process personal data to meet regulatory, legal, or ethical requirements. This may include verifying individuals’ identities.

What data is processed?

The data we process depends on the type of services provided and the recipients of those services:

1. Services to Businesses, Non-Profits, and Other Organizations:
   • We process personal data of individuals associated with our clients. This may include relevant financial or non-financial information necessary for service provision.
   • Examples of such data include contact details, payroll information, employee records (including dismissal details), shareholder lists, customer data, supplier information, and any other relevant specifics.
2. Services to Individuals:
   • Personal data for individuals may include contact details, tax identifiers, business activity information, investment details, financial interests, payroll data, and other relevant particulars.

Business Contacts
Personal data from our contacts, which encompasses both potential and prior customers, as well as potential and prior employees, is securely stored in our Customer Relationship Management (CRM) tool. This information is entered into the CRM tool following contact between a partner or staff member of Haslers and a business contact.

Why do we process this data? When personal data related to business contacts is held, it serves the following purposes:

1. Promotion and Development: We utilise this data to promote and enhance our offerings.
2. Technical Updates Communication: It enables us to communicate technical updates effectively.
3. Event Hosting and Facilitation: We manage events by leveraging this information.
4. Relationship Management: The data assists in maintaining and managing our relationships.
5. Administrative and Management Functions: We use it for administrative and management purposes.

What specific data do we hold? The personal data stored in the CRM tool includes, but is not limited to:

• Names
• Email Addresses
• Phone Numbers
• Physical Addresses
• Job Titles
• Details of the Initial Meeting

Additionally, personal data may be securely archived with restricted access and other appropriate safeguards when there is a need to continue retaining it.

Our people
We gather personal data for our employees as part of our business administration, management, and promotional activities. Our Employee Handbook and consultancy agreements provide detailed information on how we handle personal data for our staff and consultants

Applicants
When an individual applies to work with us, we collect personal data during the application process. Some of this data is obtained through forms on our website, which are described in the section related to individuals using our website. The data collected from applicants via the website serves the following purposes:

1. Employment Assessment: We process an applicant’s personal data to evaluate their suitability for potential employment at Haslers.
2. Administration and Management: Additionally, we utilise this personal data for informed management decisions and administrative purposes

Suppliers
We collect and process personal data related to our suppliers, subcontractors, and the individuals associated with them. This data serves several purposes:

• Receiving Goods and Services:
  • We process personal data concerning our suppliers and their staff as necessary to receive the services they provide.
• Providing Services to Our Clients:
  • When a supplier assists us in delivering professional services to our clients, we process personal data about the individuals involved in service provision.
  • This helps us administer and manage our relationship with the supplier and relevant individuals, ensuring smooth service delivery to our clients.
• Administering, Managing, and Developing Our Business:
  • Our data processing supports various aspects of running our business:
    • Managing relationships with suppliers
    • Developing our services by identifying client needs and enhancing service delivery
    • Maintaining and utilising IT systems
    • Hosting or facilitating events
    • Administering and managing our website, systems, and applications
• Security, Quality, and Risk Management Activities:
  • We implement security measures to safeguard personal information for both us and our clients.
  • These measures include detecting, investigating, and resolving security threats.
  • Personal data may be processed during security monitoring, such as automated scans to identify harmful emails.
  • We also monitor service quality and manage risks related to our suppliers, collecting and holding personal data as part of supplier contracting procedures.
• Promoting Our Services:
  • We may utilise business contact information to share relevant updates, insights, and invitations related to our services. For instance, industry news and event announcements.
• Compliance with Legal and Professional Requirements:
  • As a responsible entity, we adhere to legal, regulatory, and professional obligations.
  • Certain records containing personal data are maintained to demonstrate compliance with these obligations.

What specific data do we hold? We retain data necessary for the aforementioned purposes. For example, this typically includes supplier names, contact names, and supplier contact details.”

Visitors to our office
We collect personal data is collected when individuals visit our office, through sign in details, CCTV and meeting invites.

CCTV is securely held with limited access, and only available when needed for investigating an incident.

Why do we process data?

Visitor data is retained in case of theft or any other incident to protect both staff and the data held in the office.

What data is held?

Footage of visitors is retained on CCTV to ensure physical security of the office.

People who use our website, mobile apps, and other means

Individuals who engage with our online platforms, including our website, mobile apps, and other channels, contribute to the collection of personal data. This data is acquired through automated tracking mechanisms and interactions with various forms on these platforms (collectively referred to as ‘websites’).

Additionally, personal data may be gathered when individuals contact us via phone, email, or other means. Such interactions encompass scenarios where an individual:

• Registers to use our websites
• Subscribes to our services
• Makes enquiries
• Comments on publications
• Participates in competitions, promotions, or surveys
• Applies for employment with a Haslers business
• Reports issues related to our websites

During website visits, specific personal data may be automatically collected. Furthermore, we collaborate with third parties who collect data on our behalf. These third parties include business partners, sub-contractors in technical, payment, and delivery services, advertising networks, analytics providers, search information providers, and credit reference agencies.

It’s important to note that individuals who visit our websites often fall into multiple categories outlined in our privacy policy. For example, website users may be current clients, business contacts, or potential future clients. In such cases, data initially collected and processed for website users may also serve other purposes.”

Why do we process data?

When individuals visit our websites, they may provide personal data for various reasons. These include:

1. Administration:
   • We process personal data to administer our website and enhance internal operations.
   • This involves troubleshooting, data analysis, testing, research, statistical purposes, and surveys.
   • For instance, we ensure that the website is well-presented and appropriately optimized for users.
2. Functionality:
   • Certain personal data is necessary for users to access specific features on our website.
   • This ensures that functionalities work as intended.
3. Security:
   • To maintain website safety and security, we collect personal data.
   • Examples include login information and other data used to verify an individual’s identity.
4. Promotion and Development of Offerings:
   • We use some personal data to measure advertising effectiveness.
   • Our goal is to display relevant advertising content to users.

What data do we hold?

The data we hold varies based on what information was entered and for what purpose:

1. Data Entered for Website Functionality:
   • When individuals engage with our website features, personal data may include:
     • Names
     • Addresses
     • Email addresses
     • Phone numbers
     • Financial and credit card details
     • Personal descriptions
     • Photographs
2. Automatically Collected Data:
   • Technical information collected automatically includes:
     • IP addresses used to connect to the internet
     • Login information
     • Browser type and version
     • Time zone settings
     • Browser plug-in types and versions
     • Operating system and platform
3. Additional Data Collected During Visits:
   • We may collect other data related to an individual’s visit, such as:
     • Full Uniform Resource Locators (URLs) visited
     • Clickstream data (including date and time)
     • Viewed or searched products
     • Page response times
     • Download errors
     • Length of visits to specific pages
     • Page interaction details (scrolling, clicks, mouse-overs)
     • Methods used to leave the page
     • Phone numbers used to call our customer service.
4. Cookies Usage:
   • Our website uses cookies to distinguish individuals and enhance their browsing experience.
   • Detailed information about the cookies we use and their purposes can be found in our Cookie policy.

SHARING PERSONAL DATA
We may share your data with our associated businesses. Additionally, we may disclose your personal data to third parties under the following circumstances:

• Legal Obligations and Enforcement:
  • We share data when legally required or to enforce agreements.
  • This includes protecting the rights, property, or safety of our organisation and others.
  • Before engaging with third parties, we assess their compliance level through vendor risk assessments and regulation tests.
  • When sharing data with third parties, we establish contractual arrangements and security mechanisms to safeguard your data, maintaining compliance with data protection, confidentiality, and security standards.
• Transfers to Third-Party Organizations:
  • We transfer personal data to third-party organisations for various purposes:
    • Applications/Functionality and IT Services: These third parties support us in providing services, obtaining feedback, and managing internal IT systems. Examples include information technology providers, cloud-based software services, identity management, website hosting, data analysis, security, and storage services.
    • Goods, Services, or Information: Other third parties assist us in delivering goods, services, or information.
    • Haslers and Group Businesses: Data may be shared within our business group.
    • Auditors and Professional Advisers: We use other professional advisors to assist in delivery of our services.
    • Law Enforcement and Regulatory Agencies: Compliance with legal requirements necessitates sharing data with these entities.

• Occasionally, we may receive requests from third parties with the authority to obtain disclosure of personal data. These requests may arise to verify our compliance with applicable laws and regulations, investigate alleged crimes, or establish, exercise, or defend legal rights. We will only fulfill requests for personal data where permitted by applicable law or regulation.
• Third-Party Websites: Our site occasionally contains links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please be aware that they have their own privacy policies. We do not accept responsibility or liability for these policies. Before submitting any personal data to these websites, please review their respective privacy policies.

LOCATIONS OF PROCESSING
Whenever feasible, personal data remains within the UK territory. However, there may be instances where it is transferred to and stored in a destination outside the UK. In such cases, we take reasonable measures to ensure that your data is securely treated in accordance with this privacy policy.

If personal data is transferred outside the UK to a country lacking a designated adequacy rating, we implement appropriate safeguards as per Article 46 of the UK GDPR. Alternatively, we may seek the data subject’s consent under Article 49 of the UK GDPR before processing the data.

SECURITY OF YOUR INFORMATION
To safeguard the privacy of data and personally identifiable information transmitted through our website, we employ physical, technical, and administrative safeguards. Our security technology is regularly updated and tested. Access to your personal data is restricted to employees who require it for providing benefits or services to you. Additionally, we train our employees on the significance of confidentiality and maintaining the privacy and security of your information. We are committed to enforcing privacy responsibilities through appropriate disciplinary measures

HOW LONG WE STORE YOUR PERSONAL DATA FOR
We adhere to our data retention policy when storing your personal data. This policy is regularly reviewed and updated internally to ensure that we retain data only for necessary periods. Additionally, we assess where and how data is stored to meet our obligation of secure data storage.

Certain data we hold may be subject to legal and regulatory obligations, which dictate minimum retention periods for different data types. The specific retention period varies based on the type of data we hold.

Furthermore, as outlined in this policy, we collect data for various purposes and from different groups. Consequently, we retain information in distinct ways.

Professional Services
We retain the personal data processed by us in a live environment for as long as necessary for the purpose(s) for which it was collected. This duration typically aligns with applicable law or regulation, which often mandates a retention period of approximately 6 years.

In certain cases, we may retain data for longer to establish, exercise, or defend our legal rights and those of our clients.

Personal data that we no longer actively use is securely archived. We apply restricted access and other appropriate safeguards to ensure continued retention where necessary.

Business Contacts
We retain the personal data processed by us for as long as necessary based on the purpose(s) for which it was collected. However, the personal data of business contacts will not be retained if there is no evidence that a business contact is actively engaged with us or our communications.

Our People and the applicants
Personal data collected from applicants is retained for as long as necessary to fulfill the purpose for which it was collected. If those purposes are no longer relevant, the maximum retention period is two years.

Suppliers
We retain the personal data processed by us for as long as necessary based on the purpose for which it was collected. This duration typically aligns with applicable law or regulation, which often mandates a retention period. Additionally, data may be held for longer periods when required by law or regulation to establish, exercise, or defend our legal rights.

People who visit our offices
Visitor records are accessed on a need to know basis only and by authorised personnel only. CCTV recordings are overwritten after 31 days unless an issue requiring investigation is brought to our attention.

People who use our website, mobile apps, and other means
We retain the personal data processed by us in a live environment for as long as necessary based on the purpose(s) for which it was collected. This typically aligns with applicable law or regulation, which often mandates a retention period of approximately 6 years.

Additionally, personal data may be securely archived with restricted access and other appropriate safeguards when there is a need to continue retaining it.

For more information about our data retention schedule, please email us at advice@haslers.com

CHANGES TO THIS PRIVACY POLICY
We reserve the right to vary this privacy policy from time to time and are effective once they are posted on our website.   Use of our website or submission of personal data ss deemed acceptance of the current terms.

COMPLAINTS
For further information on your rights and how to complain to the ICO, please refer to the ICO websitehttps://ico.org.uk/concerns

Contact details
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (local rate)