Who we are
(Short answer: a compliance company)
We are The Privacy Compliance Hub Limited. We are the data controller responsible for protecting the personal information we hold about you. We genuinely believe in the importance of privacy for everyone.
We will keep your personal information safe and secure and we will not misuse it. We appreciate that your personal information belongs to you even if it has been shared with others. This privacy notice explains what we do with your personal information so you understand how we use it. It also tells you what your legal rights are in relation to it and how you can exercise them so that you are in control of your personal information at all times.
What information we have about you
(Short answer: as little as possible)
We may have personal information about you which you have given us; which we collect from your device; and, possibly, which we obtain from other sources. Much depends on your relationship with us. We do not provide incentives to individuals to provide us with personal information.
Categories of individuals whose personal information we may process
We process personal information of the following categories of individuals:
- visitors to our website at www.privacycompliancehub.com or who may email or call us;
- the primary contact at each of our clients (we sometimes call these ‘Hub Owners’);
- individuals provided with access to our platform (the ‘Hub’) by our clients (we sometimes call these ‘Hubbers’);
- contacts at our vendors and partners that we do business with;
- individuals whose personal information is contained in content placed in the Hub by Hubbers (we are a processor only in relation to such personal information (if any); and
- sales prospects.
Personal information you give us
Contact information such as name, address, email address and/or mobile number. We do not collect or process any financial information other than for payment of certain of our vendors and partners. We do not collect the financial information of any customers, or visitors to our website.
Personal information we collect from your device
We use Google Analytics which collects information when you visit our website or use our Hub. You can find more information about Google Analytics here. In essence, Google Analytics enables us to analyse how you and others interact with our website and the Hub. The information we collect may include:
- your IP address;
- the type of browser you use eg. Chrome;
- the type of device you use eg. Samsung;
- the type of operating system you use eg. Android;
- the timezone setting;
- information about how you use our website and Hub such as user preferences, which pages you visited, how often you visit those pages, how long you stay on those pages; and
- geolocation information.
Why we need your personal information
(Short answer: to make your life better)
We need certain types of personal information from you so that you can gain access to your Hub, so that you can buy our services, or so that we can pay you for your services (if relevant). We do not and never will sell your personal information.
Without such personal information we are unable to have a business relationship with you.
Personal information we need
- name and email address which is required for any individual that requires access to a Hub; and
- other contact details such as telephone number which may be required for contract processing and account management. We do not use telephone numbers for marketing purposes.
How we use your personal information
(Short answer: carefully and with respect)
We use personal information only to the extent that is necessary to operate our business and provide you with services.
The law allows us to use personal information as long as we tell you what we are using it for (see each bullet point below) and we have a valid lawful basis for doing so. We must tell you which lawful basis (in bold below) we rely on to use your personal information.
To fulfil our contractual obligations to you
We only use this legal basis for processing the personal information of our vendors and partners. We do not use it for our customers or visitors to our website. We use it;
- to provide services requested by our vendors and partners;
- to maintain relationships with our vendors and partners; and
- to pay certain of our vendors and partners.
When it is in our legitimate interests
This is one of the following business or commercial reasons (which we do not prioritise above your rights);
- to communicate with individuals that make contact with us;
- to provide access to Hubbers whose employer is a client of ours; and
- to tell you about products and services we think may interest you. We have a legitimate interest in promoting our business and increasing sales.
Who we share your personal information with
(Short answer: as few people as possible)
We will only share your personal information with other organisations after careful consideration and only when we have a legitimate reason.
We may share your personal information with:
- any organisation you have given us consent to share it with;
- law enforcement agencies, regulatory authorities or government bodies where we are under a legal or regulatory obligation to do so;
- our service providers, suppliers, partners and subcontractors where this is necessary to provide our services to you. These include:
- web analytics companies (Google Analytics and Hubspot);
- web-hosting and web development service providers (Memset, & Wavesong Design);
- automated marketing vendors (Hubspot);
- payment processors (GoCardless, Xero & HSBC);
- cloud based hosting and communications providers (GSuite & AWS); and
- online advertising providers (Google and LinkedIn).
- web analytics companies (Google Analytics and Hubspot);
- any prospective buyer of all or part of our business or assets (and associated advisors and agents) provided they use it only as set out in this privacy notice; and
Whether we transfer personal information outside the EEA
(Short answer: only occasionally)
We only transfer your personal information to countries outside of the European Economic Area (EEA) when it is necessary (for example where it is stored on servers based in a non-EEA country) and only if your personal information will benefit from the same protection as in the UK or EEA.
All EEA countries (the EU, Norway, Iceland and Liechtenstein) provide an adequate level of data protection allowing free transfer of personal information from the UK to any of those countries.
We protect your personal information which we transfer out of the EEA to the USA for web analytics purposes; payment processing; cloud based hosting and communication services; and online advertising. We ensure that each organisation to which personal information is transferred has entered into a contract with us which incorporates the European Commission’s Model Clauses.
How long we keep your personal information
(Short answer: for as little time as we think sensible)
We only keep your personal information for as long as we need it to carry out the different activities set out in this notice (see How we use your personal information).
Any personal information contained within Google Workplace is deleted after 6 years. Any personal information contained within a Hub is deleted 3 months after expiry of the contract governing that Hub. And any personal information contained within Hubspot is deleted once you have unsubscribed from our email marketing list.
What your rights are in relation to your personal information
(Short answer: you have a lot and we are happy to give them to you)
You can exercise your rights at any time by emailing us at email@example.com. We will need to verify your identity before we deal with your request so that your personal information is protected against unauthorised access.
Please send us copies of two pieces of identification along with your request, at least one of which should be a picture ID such as a driving licence or passport. If you are an authorised agent making a request exercising rights on behalf of an individual, please also send us proof of your authorisation by the individual.
To opt-out of marketing communications
You have the right to tell us not to use your personal information for marketing purposes. You may exercise this right at any time by contacting us at firstname.lastname@example.org, or clicking the unsubscribe link on any marketing emails we send you.
To obtain a copy of the personal information we hold about you
To ask us to correct any inaccurate information we hold about you
To ask us to delete any personal information we hold about you
You have this right in certain circumstances only. For example, it does not apply if we need to use your personal information to comply with our legal obligations or to establish, exercise or defend a legal claim.
To ask us to restrict our use of your personal information
You have this right in certain circumstances, for example where you have objected to our use of your personal information and we are considering whether our legitimate interests override yours. This is often a temporary measure and we are still allowed to store your information while we are restricted from using it.
To ask us to transfer your personal information to you or another organisation
This right is also known as the right to data portability. It is your right to have your personal information ported to you or a nominated third party in a structured, commonly used and machine readable format.
This right applies only to information which we have collected from you and which we process using automated means. You have this right only where we are using your personal information with your consent or to fulfil our contractual obligations to you (see How we use your personal information).
To object to our use of your personal information
You have this right only in relation to our use of your personal information on the ground of legitimate interests (see How we use your personal information).
How and when we make changes to our privacy notice
(Short answer: right here when we change how we use your information)
Any changes we make to this policy will be posted on this page. Where the changes are significant, we will let you know by email or in another appropriate manner such as when you next interact with our website or your Hub.
How and when to contact us
(Short answer: send us an email whenever you like)
We are real people and we care about privacy. It’s our job. We really do welcome any questions, comments or requests you may have regarding this privacy notice. You can email us at email@example.com.
Please also use those contact details if you have any complaints about the way we have used your personal information. If we do not deal with your complaint satisfactorily, you have the right to complain to the Information Commissioner’s Office.
Version date: 9 November 2020.