1      About us

At HiiROC Limited (which, together with each of its subsidiary companies, shall now be referred to as HiiROC, ‘we’ or ‘us’) we take data protection seriously, are committed to safeguarding all data in our possession and ensuring the privacy of our customers. We will only use information provided to us for specified and lawful purposes as provided under the UK General Data Protection Regulation and will handle this information both respectfully and responsibility. Our contact details are 303 National Avenue, Hull, HU5 4JB.

This privacy notice provides details about how your personal information is collected, shared and used by us. To learn more about HiiROC, visit www.hiiroc.com. If you have any questions about this privacy notice or the practices described herein, you may email privacy@hiiroc.com.

HiiROC is the Data Controller and responsible for this website.

2      UK GDPR

We have revised our Privacy Notice to comply with the UK GDPR (now referred to as ‘GDPR’) ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.

3      Information covered by this Privacy Notice

This privacy notice covers personal information, including any information we collect, use and share from you, as described further below. This privacy notice applies to all HiiROC websites, our products, and services (collectively, the “Services”).

When you purchase a product or service from us, your personal information will be collected, used, and shared consistent with the provisions of this privacy notice.

4      Definitions under GDPR

• Data Subject – means an individual who is the subject of personal data.
• Data Controller – An organisations or individual who (either alone or jointly or in common with other persons) determines the purposes for which, and the manner in which, any personal data is, or is to be, processed.
• Data Processor – In relation to personal data, means an organisation or individual who processes the data on behalf of the Data Controller.
• Personal Data – Any information relating to an identified or identifiable natural person, such as their name, identification number, address, web browsing data or other factors specific to physical, psychological, genetic, mental, economic, cultural or social identity of that person.
• Special Categories of Personal Data – Information including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life and sexual orientation, and genetic or biometric data.

5      Information we collect from you

5.1   Website visits

Data relating to your online activity on our websites including the following:

• IP address
• browser type and version
• geographic location
• pages you view
• your interactions with any videos we offer
• issues you encounter requiring our support or assistance
• any device or other method of communication you use to interact with the Services

We store this data we collect in a variety of places within our infrastructure, including system log files, back-end databases and analytics systems.

5.2   ‘Contact us’ page or in-person events

• Information you provide on the ‘Contact Us’ page on our website, such as your name, email address and phone number
• Information you provide to us at in-person or networking events, such as your name, email address, phone number, company name and job role
• Information that you provide during any registration process (such as your name, company name, email address, phone number and geographic location), when you call or email us (for support or otherwise) or when you use our products or services.

5.3   Applications for job / career opportunities

• When you have provided details for the purpose of consideration of working for/on behalf of HiiROC, this data will be held under the basis of legitimate interests whilst discussions progress.
• Data may include but is not limited to contact details, social and professional profiles, education and work experience. Should additional personal and/or personal sensitive data be sought for the purpose of vetting (such as criminal offence disclosure), explicit consent will be sought prior to activity, for which you have the opportunity to opt in or decline (the latter of which may result in an application being unable to be progressed).
• Should discussion lead into agreement of a working arrangement, data will be maintained, the management of which will be outlined within a mutually agreed contract.
• Data will only be held and processed where it is necessary to support the legitimate interest of our business except where such action will be overridden by your interests or fundamental rights and freedoms which require protections of personal data.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences, unless explicit consent is provided.

6      How we use your information

We use the information we collect, both on its own and combined with any other information we collect about you, for the following purposes:

• Contract, meaning the processing of your personal data for the performance of a contract to which you are a party, or in readiness for entering into a contract
• Legitimate interests, meaning the interest of our business in conducting and managing our business to enable us to give you the best service/product and the most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law)
• Legal or regulatory obligation, meaning the processing of your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to
• Consent, meaning you have provided a clear and affirmative approval for us to process your personal data for a specific reason

We have set out below, in a table format, a description of all the ways we plan to use your data, with the legal basis we rely on to do so.

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
To register you as a new customer	·       Identity ·       Contact	·       Performance of a contract with you
To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us	·       Identity ·       Contact ·       Financial ·       Transaction	·       Performance of a contract with you ·       Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey	·       Identity ·       Contact ·       Profile ·       Marketing and Communications	·       Performance of a contract with you ·       Necessary to comply with a legal obligation ·       Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences	·       Technical ·       Usage	·       Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you	·       Identity ·       Contact ·       Technical ·       Usage ·       Profile	·       Necessary for our legitimate interests (to develop our products/services and grow our business)
To process your job application	·       Identity ·       Contact ·       Profile ·       Employment history	·       Performance of a contract with you ·       Necessary to comply with a legal obligation (if employment is secured) ·       Necessary for our legitimate interests (to keep our records updated)

7      Sharing of information

As further described below, we will only share certain personal information with:

• in connection with a sale, merger, acquisition or corporate reorganisation
• authorised users within your organisation
• for legal reasons

Further information about the third parties with whom we share personal information is available here.

7.1   Corporate reorganisations

If we are involved in a merger, acquisition, rebranding, a sale of all or a substantial portion of our assets, or other similar sale transaction, your information will be transferred as part of that transaction. We will notify you by email and/or a prominent notice on our website of any such transfer and any choices you may have regarding your information.

7.2   Applications for job / career opportunities

Personal information may be shared with organisations utilised to vet qualifications, professional accreditations, prior work experience and/or criminal offence screening where permission has been granted by you for HiiROC to conduct such activities (necessary as part of our employment screening practices).

7.3   Legal process

Lastly, if legally required to do so, or if we have a good faith belief that such disclosure is reasonably necessary, we may disclose your personal information to courts of law and/or applicable regulatory authorities, law enforcement authorities and other relevant third parties, such as internet service providers, to conduct an investigation, respond to a third party or law enforcement subpoena or court order, bring legal action, prevent harm to others or pursue other relief when you or a third party are or may be:

• violating our terms and conditions applicable to you from time to time;
• causing injury or other harm to, or otherwise violating the property or other legal rights, of us, other users, or third parties; or
• violating any other applicable law, regulation, bye-law or policy in place from time to time applicable to you or your role with HiiROC.

8      Tracking technologies and online advertising

We use cookies, web beacons, pixels, tags, scripts and other similar technologies in the course of our business. Information about the technologies we use, why we use them (for example, in connection with online advertising), and how you can control them can be found in our Cookie Policy.

9      Choice / opt-out

9.1   Email

You always have the opportunity to opt out of our marketing communications with you or change your preferences by following a link in the footer of all non-transactional email messages from us or by emailing us at privacy@hiiroc.com.

9.2   Phone

We may contact you by telephone, with your consent where applicable, for marketing purposes. We will check the Telephone Preference Service (TPS), Corporate Telephone Preference Service (CTPS) and our internal CRM system before making calls. If your number appears as blocked on either list, we will not call you. If you do not want to receive marketing calls, please contact us and we will update our records.

9.3   Cookies

Our websites use cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser.

10       Retention of personal information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by emailing privacy@hiiroc.com.

11       Your rights

Where the United Kingdom’s General Data Protection Regulation (GDPR) applies, in certain circumstances and subject to data processing agreements, you have rights in relation to the personal information we hold about you. We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights by providing details only known to the account holder. To exercise any of your rights, please email privacy@hiiroc.com. Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.

11.1  Access

You have the right to know whether we process personal information about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.

11.2  Portability

You have the right to receive a subset of the personal information you provide us if we process it on the legal bases of our contract with you or with your consent in a structured, commonly used and machine-readable format and a right to request that we transfer such personal information to another party. If you wish for us to transfer the personal information to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal information or it’s processing once received by the third party.

11.3  Rectification

You have the right to require us to correct any personal information held about you that is inaccurate and have incomplete data completed. Where you request correction, please explain in detail why you believe the personal information we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that while we assess whether the personal information we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.

11.4  Erasure

You may request that we erase the personal information we hold about you in the following circumstances:

• where you believe it is no longer necessary for us to hold the personal information;
• we are processing it on the basis of your consent, and you wish to withdraw your consent;
• we are processing your data on the basis of our legitimate interest and you object to such processing;
• you no longer wish us to use your data to send you marketing; or
• you believe we are unlawfully processing your data.
• Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.

11.5  Restriction of processing to storage only

You have a right to require us to stop processing the personal information we hold about you other than for storage purposes in the following circumstances:

• You believe the personal information is not accurate for the period it takes for us to verify whether the data is accurate;
• We wish to erase the personal information as the processing we are doing is unlawful, but you want us to simply restrict the use of that data;
• We no longer need the personal information for the purposes of the processing, but you require us to retain the data for the establishment, exercise, or defence of legal claims; or
• You have objected to us processing personal information we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal information while we determine whether there is an overriding interest in us retaining such personal information.

11.6  Objection

You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.

You also have the right, at any time, to object to our processing of data about you in order to send you marketing, including where we build profiles for such purposes and we will stop processing the data for that purpose.

11.7  Withdrawal of consent

Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time by emailing privacy@hiiroc.com.

12       Children

Our Services are not directed to persons under 18. We do not knowingly collect personal information from children under 18. If a parent or guardian becomes aware that his or her child has provided us with personal information without such parent or guardian’s consent, he or she should contact us. If we become aware that a child under 18 has provided us with personal information, we will delete such information from our files.

13       Data transfer

In providing the Services to you, your personal information will not be transferred to outside of the UK or European Economic Area (EEA). Should any changes to this notice take place, appropriate safeguards will be introduced in accordance with the GDPR regulations, and this will be communicated to users accordingly.

For transfers of personal information within the HiiROC corporate family, such transfer will be under the Commission’s model contracts for the transfer of personal data to third countries (i.e., the ICO’s International Data Transfer Agreements or Addendum to the European Commission’s Standard Contractual Clauses).

14       Data Protection Officer

Our Data Protection Officer’s contact details are:

• Mark Gerard
• Number 22 Mount Ephraim, Tunbridge Wells, England, TN4 8AS
• privacy@hiiroc.com

15       Complaints

In the event that you wish to make a complaint about how we process your personal information, please contact us at privacy@hiiroc.com and we will try to deal with your request. This is without prejudice to your right to raise a complaint with the UK Supervisory Authority (Information Commissioner’s Office) by contacting:

Information Commissioner’s Office

• Website: https://ico.org.uk/make-a-complaint/
• Telephone: +44 (0) 303 123 1113
• Live Chat: https://ico.org.uk/global/contact-us/live-chat

16       Notification of changes

We reserve the right to modify this privacy notice at any time, so please review it frequently. If we decide to change this privacy notice in any material way, we will notify you here. Your continued use of any Services constitutes acceptance to any such changes.

Last modified August 4th, 2022