This policy is written in accordance with the following legal regulations:
- The Data Protection Act 1998, which was replaced by the General Data Protection Regulation (EU) 2016/679 from 25 May 2018 (“GDPR”)
- The Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”)
- Directive 2009/136/EC of 25 November 2009 (“The European Union Cookie Directive”)
- About HeawardSports Ltd.
- Why do we collect information?
- The information we collect from you
- How we collect information
- How we use your information
- Third parties
- How we protect your information
- Your rights
- Questions and further information
1. About HeawardSports Ltd.:
our web site https://heawardsports.co.uk is owned by HeawardSports Ltd. (“HeawardSports Ltd.”, “we”, “us”, “our”) is a company registered in England and Wales with registration number 10996264. Our registered office is 24 the Avenue, Blythe Bridge, Staffordshire, ST119PY.
2. Why do we collect information?
We will always ensure that there is a legal basis for collecting and processing data. The main reasons for processing your data will be:
- Because you have given us consent to process your data for a specific reason/s;
- To ensure that we are able to perform or fulfil a contract with you (or a contract made with someone else on your behalf that requires us to collect data from you;
- To comply with our legal obligations and regulatory requirements;
For our legitimate interests, including:
- being able to effectively administer our business;
- to provide information to our clients; and
- to promote our business, products or services.
When processing data using the ‘legitimate interests’ condition, we will carry out a balancing test of our interest to ensure that our interest is not overridden by your rights, interests or freedoms.
3. The information we collect from you:
We only collect ‘Personal Data’ as defined by the GDPR. All other information we use is fully anonymised and thus outside the scope of the GDPR regulations.
Personal Data includes:
Name, address and postcode, email address, telephone number, date of birth, gender, and employment information (employer and/or job role).
Location data and online identifiers via cookies (see section 8 – ‘cookies’) may also be used when you visit our website.
4. How we collect information:
We use several methods to collect and obtain data. These include:
- Our website (online forms such as our contact form and cookies on our web site);
- Paper-based documents (business cards, contracts, assorted other documentation provided by our clients);
- Face-to-face contact and networking;
- Social media;
- Via third parties (see section 6 – ‘third parties’).
5. How we use your information:
Provision of services:
We will use the information that is provided to us to ensure that we are offering the best possible service to our customers and clients. This may include generic uses, such as acting upon customer feedback to change elements of our offer or developing a new product, or specific uses, such as using information provided as part of a client brief to ensure that we develop solutions that meet their needs.
We will send clients and customers updates relating to our products and services, industry news, updates and details of new funding opportunities. This information will be relevant to the products or services that have been provided previously, and we hope will be useful. If you would rather not receive these updates, you can either opt-out from any email communications and/or object to your data being used in this way (see section 8 – ‘your rights’).
From time to time, we may send you marketing information (unless you object) by email, post, social media or SMS. We will always be careful to contact you in a way which is non-intrusive, and can be reasonably expected for the message being conveyed. Our marketing communications will be compliant with the PECR, and will always give you the opportunity to opt-out from receiving future communication.
6. Third parties:
Providing data to third parties:
To enable us to perform or fulfil a contract with you (or a contract made with someone else on your behalf), we sometimes need to pass your data to third parties. Examples of this include if we make a planning application on your behalf or storing data on cloud-based systems such as Microsoft OneDrive.
Where data needs to be passed to third parties, we will always ensure that due diligence checks have been conducted prior to commissioning/entering into a contract with the third party, and any data transferred will be done so securely (see section 7 – ‘how we protect your information’).
If data is transferred or stored outside the EU, we will ensure that appropriate safeguards are in place and that data security standards are comparable to those of the EU.
We will never sell your data to third parties. If we use your data to develop or market our products and services (i.e. case studies, testimonials or statistics), we will always ask for your content, or ensure that data is anonymised pseudonymised prior to publication.
Obtaining data from third parties:
We may process data that has been collected by a third party. Sources of this data may include…
Someone who has personally provided us with your details (referrals);
Social media platforms;
Data brokers from who we purchase or access information for marketing and business development purposes;
Partners with whom we are engaged with joint campaigns or we offer joint services; or
Business-to-business information that is available in the public domain, such as company / organisation websites, public registers and databases (e.g. Companies House);
Where data is obtained from third parties, it is the responsibility of the third party to ensure that is has obtained your consent to share your personal information with us. Where possible, we will ask a third party to confirm that it has the right to pass this information to us.
When contacting you using information obtained via third parties, we will always ensure that any communications compliant with the PECR, and that you have the opportunity to opt-out from receiving future communication.
7. How we protect your information and privacy
Physical storage and transfer
We will store and transfer all paper-based records securely and ensure that it is only accessible by authorised individuals. We will also ensure that records are promptly and securely transported by either authorised individuals or through a secure carrier, and are not left unattended at any time.
Digital storage and transfer
We will ensure that any data stored electronically is protected by suitable security measures and can only be accessed by authorised individuals. Computers will be located in secure locations and mobile devices will have suitable protection (passwords, PIN numbers, encryption etc).
Any websites that we use to collect and process data will utilise appropriate security measures and will operate via a Hyper Text Transfer Protocol Secure (HTTPS) certificate.
We store and retain data for a reasonable period of time in relation to our business activities, or in accordance with our regulatory or contractual obligations.
Any paper-based records will be disposed of securely. They will either be shredded on site by an authorised individual or collected by a specialist confidential waste provider, with a certificate of disposal provided. Electronic records will be permanently deleted (including secondary and cloud based backups).
The GDPR define a data breach as the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. In the highly unlikely event of a breach, we are legally obliged to notify the Information Commissioner’s Office and any data subjects who may be adversely affected.
Cookies are small text files which are downloaded to and stored on your device when you visit a website. Cookies are widely used by website owners to provide you with a good experience while you browse, and also to provide information which can help website owners to improve websites.
- Make our site work;
- Collect anonymous data on how users navigate our site, which helps us to improve it;
- Allow you to share content on social networks; and
- To help us provide relevant advertising to those who may be interested in it.
- Collect any personally identifiable information; or
- Pass personal identifiable data to third parties.
9. Your rights
Legally, you have rights in relation to the personal information that we hold about you, and can:
- Request a copy of the information being held;
- Request that we correct any personal information that is inaccurate or out of date;
- Withdraw your consent to processing (if we have relied on your consent to process your personal information);
- Request that we transmit your data so that you can use it for your own purposes (data portability);
- Object to us processing your personal information. If you do this, we will stop processing your personal information if we are doing so for our legitimate interests, processing it for direct marketing or research purposes (unless such processing is necessary for the performance of a contract); and
- Restrict the processing of your personal information if you contest the accuracy of the personal information that we hold about you. In this instance, we will stop any processing whilst verifying the accuracy of the personal information.
- By email: office@HeawardSports.co.uk;
- By phone: 07983 655832 (normal rates for calls to a mobile number apply);
- By post: HeawardSports Ltd. 24 the Avenue, Blythe Bridge, Staffordshire, ST119PY.
This policy may change from time to time, so please check back regularly for updates.
You can find out more about this topic from the Information Commissioners website which can be found here https://ico.org.uk/