Henham Strategy Limited (collectively “Henham”, “we", "us” or “our”) respects your privacy and is committed to protecting your personal data. This privacy notice (“Notice”) describes our policies and procedures regarding personal data that we collect through or in connection with the use of our services, or in connection with the use of any websites or applications linking to this Notice, including (without limitation) https://henhamstrategy.com/ (our “Websites”).
It is important that you read this Notice together with any other notice or statement we may provide on specific occasions when we a recollecting or processing personal data about you so that you are fully aware of how and why we use your information. This Notice supplements other notices and statements that we may provide and is not intended to override them.
Henham reserves the right to change, modify and update this Notice from time to time by posting a revised version on our website. Therefore, we recommend that you regularly consult this Notice to make sure that you are aware of any changes. The most recent version of this Notice is reflected by the version date located at the top of this Notice.
In most cases, Henham is the “controller” of your personal data, as defined by the General Data Protection Regulation (EU)2016/679 which has been retained in the UK by virtue of the European Union(Withdrawal) Act 2018 (the “GDPR”). This means we determine the purposes and means of processing your personal data. In some limited circumstances, Henham will process personal data as a “processor” on behalf of our clients who will be the “controller” of your personal data. For the avoidance of doubt, Henham is the “controller” of, and is responsible for, https://henhamstrategy.com/.
If you have any questions or comments about this Notice or our privacy practices, please contact us:
By email: email@example.com
By post: c/o WeWork, 10 York Road, London, SE1 7ND
B. What is “personal data”?
The term “personal data” as used in this Notice shall mean any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to you. "Personal data” includes special categories of personal data and "pseudonymised” personal data but excludes anonymous information or information from which the identity of an individual has been permanently removed.
C. What personal data do we collect?
Depending upon your use of the site, Henham Strategy may collect some or all the following personal (and non-personal) data:
· First and surname
· Telephone number
· Email address
· Home and/or work address
· Date of birth
· Communication preferences.
In addition to receiving applications via the website, we also accept applications via email. We will store your name, email address, phone number, cover letter and CV.
Special categories of data:
We do not anticipate that we will routinely process "special categories of data” in the provision of our services, although we may in some circumstances.
D. Why do we collect your personal data?
We are committed to processing your personal data in accordance with the law and in a fair and transparent manner. We will only process your personal data where we have a legal basis for doing so. Legal bases that we rely on might include:
A Contract: We will process personal data for the following purposes as is necessary for the performance of a contract between you and us or to answer questions or take steps at your request prior to entering into a contact:
· To administer or otherwise carry out our obligations in relation to any agreement to which we are a party
· To respond to queries or requests and to provide services and support
· To provide customer relationship management
· To create and manage our customer accounts
· To notify you about changes to our services.
· To update you on relevant news, insight and events
Legitimate interests/consent: We will process your personal data for the following purposes as necessary for certain legitimate interests, or where you have given your informed consent to such processing as required by applicable law (such consent can be withdrawn at any time):
· To offer our services to you in a personalised way;
· To allow you to participate in interactive features of our services; and
· To send you personalised marketing communications
Legitimate interests: We will process your personal data for the following purposes as necessary in our legitimate business interests,(provided such interests are not overridden by your interests or fundamental rights):
· To resolve disputes;
· To develop and improve our products and services;
· To administer our website and for internal business administration and operations, including troubleshooting, data analysis, testing, research and statistical purposes;
· As part of our efforts to keep our website safe and secure; and
· To comply with applicable law, for example, in response to a request from a court or regulatory body, where such a request is made in accordance with the law.
We may also process your personal data in order to protect your vital interests or the vital interests of another person, including (without limitation) if we have significant concerns about your health and/or wellbeing.
Where we process personal data on behalf of clients as a "processor”, we do not own such information and we will only use it to provide our services in compliance with this Notice and our contractual obligations.
E. How do we share your personal data?
We will not sell, hire out or pass on your personal data to third parties, except in the situations provided for in this Notice or unless you provide prior consent. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Notice.
We will only transfer your personal data to trusted third parties who can: (1) provide sufficient guarantees of their technical and organisational security measures governing the processing of personal data; and(2) demonstrate a commitment to compliance with those measures. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
Where third parties are processing personal data on our behalf, they will be required to agree, by contract or otherwise, to process personal data in accordance with applicable law. This contract will stipulate, among other things, that the third-party and its representative shall act only on our instructions, or as permitted by law.
F. How do we store your personal data?
We store personal data, in a form that permits us to identify you, for no longer than is necessary for the purpose for which the personal data is processed. We store your personal data as necessary to comply with our legal obligations, resolve disputes and enforce our rights. We may keep an anonymised form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so. Please contact us for further details about our data retention periods.
G. Your data subject rights
In certain circumstances you have rights under the GDPR in relation to personal data we hold about you – specifically the right to:
· request access to your personal data;
· request correction of your personal data;
· request erasure of your personal data;
· object to the processing of your personal data;
· request restriction of processing your personal data; and
· request transfer of your personal data to a third party.
To exercise your rights, please contact us. If you send us a letter, please provide your name, address, email address and detailed information about the personal data you would like to update, modify or delete or any other changes you would like to make, or right you would like to exercise. We aim to respond to requests made by you within one month, but may extend that period by two further months where necessary. We will not charge a fee for you to exercise any of the rights listed above, but reserve our right to charge a reasonable fee, or to refuse to act on requests which are manifestly unfounded or excessive.
Where you believe that we have not complied with our obligations under this Notice or European data protection law, you have the right to make a complaint to an EU Data Protection Authority, such as the UK’s Information Commissioner’s Office.