This Privacy Notice sets out the basis on which we will process personal data collected by or submitted to our website, interactive services or platform (collectively the “ Services ”).
When accessing the Services, you may fall into one or more of the following categories:
- You are a visitor to the website and are browsing and/or want to contact us to find out more information (“ Visitor ”);
- You are the representative of a business which is one of our collaborators or customers (“ Business User ”); or
- You are the holder of a HAT Account ( HAT Owner ”).
Most of this policy applies to all categories of user but sometimes how we handle your personal data depends on which category you fall into. Please see the relevant heading below for the terms that particularly apply to your category of user.
Who we are
For the purpose of the Data Protection Act 1998 (the "Act" ), the data controller is HAT Data Exchange Ltd (” we ”, “ us ” or “ our ”). We are a private limited company registered in England and Wales under company number 09821157 and have our registered office at The Cottages, 8 Comberton Road, Barton, Cambridge, CB23 7BA.
As a Visitor, you may contact us by email, telephone, or online response form. If you do this, we will use the personal data that you give to us to provide you with further information about relevant Services. For the purposes of the Act, we are the Data Controller of the personal data you provide as a Visitor.
If you are a Business User then an account may be set up for you or your organisation. More details about this may be found in the relevant terms and conditions governing the relationship between us and your organisation. This account will hold the data that you or you organisation provide to us or directly input into it, which may include personal data about you such as your name and contact details.
We process the personal data in Business User accounts to provide you and your organisation with services in accordance with our agreement. For the purposes of the Act, your organisation is the data controller and we are the data processor of the data contained within a Business User account.
If you are a HAT Owner, we will only use the personal data, such as your name, Personal HAT Address (PHATA) and email address (and if applicable payment information), that you provide during account creation to provide the associated services. For the purposes of the Act, we will be the data controller of this personal data.
There is a separate privacy notice dealing with personal data held in your HAT account and personal data collected by or submitted to the HAT dashboard.
Data collected and use
For all users of the Services, with regard to each of your visits to our website we will automatically collect the following data:
- technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, [OTHER];
- data about your visit, including the full URL, clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction data (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
We will use data that you give to us:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us;
- to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about;
- to notify you about changes to our service; and
- to ensure that content from the website is presented in the most effective manner for you and for your computer.
We will use data that we collect about you:
- to administer the Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve the website to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep the website safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of the website about goods or services that may interest you or them.
We will never provide any personal data that specifically identifies you to third parties to use for direct advertising or promotional purposes.
Cookies are small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are widely used in order to make websites work, or work more efficiently, as well as to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.aboutcookies.org or http://www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Disclosure of your data
In addition to the disclosure mentioned above for particular categories of users, you agree that we have the right to share your personal data with:
- business partners, suppliers and sub-contractors for the performance of any contract we or a third party has entered into with you; and
- analytics and search engine providers that assist us in the improvement and optimisation of the website.
We will disclose your personal data to third parties:
- If we or substantially all of our assets are acquired by a third party, in which case data held by us about our customers and users will be one of the transferred assets.
Where we store your personal data
The data that we collect from you will not be transferred to, and stored at, a destination outside the European Economic Area ("EEA").
All data you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Note that the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorised access.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your data to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org].
The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The Act gives you the right to access data held about you. Where you make a subject access request relating to data of which we are the data processor we will ask you whether you would like us to forward the request to the relevant data controller. If we
are the data controller we will deal with that subject access request in accordance with the Act.
We use a third party provider, Mailchimp, to deliver our e-newsletter. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see Mailchimp’s privacy notice.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 7 November 2017.
How to contact us
If you have any questions or would like to comment on this privacy notice you can email us as at: email@example.com