WELCOME TO THE HIGHJAM MARKETING PRIVACY & GDPR POLICY.
Below you will find our policies regarding any personal information that you may supply to us through this web site, email, direct face to face or telephone contact or obtained as part of our promotional marketing assignments. Where Highjam is required to process relevant personal data we shall take all reasonable steps to do so in accordance with this Policy.
Highjam is registered under the Data Protection Act.
We acknowledge and agree that any personal data of yours that we handle will be processed in accordance with all applicable data protection laws in force from time to time. Currently, the Data Protection Act 1998 applies. With effect from 25 May 2018, the General Data Protection Regulations (“GDPR”) will come into force, which will change the law.
Our goal is to protect your privacy and the information that you submit to us through various channels (Face to Face, Email, Website, Phone Conversation).
Highjam Marketing Ltd operates this web site and its business operations from its offices in London, United Kingdom. All matters pertaining to this web site and business are governed and interpreted in accordance with the laws of England and Wales and any dispute arising hereunder shall be subject to the exclusive jurisdiction of the English Courts.
This web site is not directed to children under the age of sixteen and we do not knowingly collect personal information from children under the age of sixteen on the site. If we become aware that we have inadvertently received personal information from a visitor under the age of sixteen on the site, we will delete the information from our records.
Information we collect and how we use it
Personal Information – You may choose to provide personal information to Highjam Marketing Ltd via various channels. Here are some of the ways you may provide the information and the types of information you may submit. We also tell you how we may use the information.
The information about you we may collect, hold and process is set out below:
Where we collect this data from:
Contact Us – Email – If you email us through the “Contact Us” link on this site, we ask you for information such as your name and email address, so we can respond to your questions, queries and comments. You may choose to provide additional information as well.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Internet Protocol Address
We collect an Internet Protocol address from all visitors to our site. We use your IP address to help us administer our site. Your IP address is also used to help identify you when you visit our site.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Information We Share
We do not sell or otherwise disclose personal information about our visitors (by all channels), except as described here. We may share information provided by our visitors to this site with service providers we have retained to perform services on our behalf. These service providers are restricted from using or disclosing the information except as necessary to perform services on our behalf or to comply with legal requirements. In addition, we may disclose information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
How We Protect Personal Information
We maintain administrative, technical and physical safeguards to protect against unauthorized disclosure, use, alteration or destruction of the personal information you provide on this web site. We use secure socket layer (SSL) technology to help keep the personal information you provide on this site secure.
How we hold the information
All the personal data we have is stored on our database in the UK.
Disclosure of your information
Your personal information and related information will be kept on Highjam Marketing Ltd servers only. All servers will be located inside the European Economic Area (EEA). Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection or the appropriate safeguards are in place for your rights and freedoms. Before such a transfer takes place outside of the EEA, we will provide you with further information concerning this.
Other trusted third parties that we may share your data with are as follows: HM Revenue and Customs, pension scheme providers, legal advisors and other companies for the purpose of undertaking pre-engagement checks for the role or for paying or working with you.
You currently have the right at any time to ask for a copy of the information about you that we hold. At this time, we have the right to charge an administration fee for this service. When the GDPR comes into force, we will no longer have the right to charge a fee. If you would like to make a request for information please email firstname.lastname@example.org
In addition to this right of access, when the GDPR comes into force, you will also have the following rights: erasure, restriction of processing, objection and data portability. We will update you further in connection with these rights when they come into force.
Retention of your data
Your data will be retained for no longer than is necessary and in accordance with our Data Retention Policy.
Withdrawal of consent
If you have provided us with your consent to process your data, for the purpose of using our services, you have the right to withdraw this at any time. In order to do so you should contact us by emailing email@example.com
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible at the above addresses. We will promptly correct any information found to be incorrect.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly with the Information Commissioner's Office at https://ico.org.uk/concerns
Highjam is required to process relevant personal data regarding members of staff, promotional staff, customers, customers' consumers and suppliers as part of its operation and shall take all reasonable steps to do so in accordance with this Policy.
We recognize that the GDPR will help us move towards the highest standards of operations in protecting our data subjects' data. We are committed to:
Data Protection Controller
Highjam has appointed the Group Operational Director as the Data Protection Controller (DPC) who will endeavour to ensure that all personal data is processed in compliance with this Policy and the Principles of the Data Protection Act 1998. The Freedom of Information Act 2000 and the Protection of Freedoms Act 2012 are also relevant to parts of this policy. Highjam recognises The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) adopted 27 April 2016, the two-year transition period and the application date of 25 May 2018 and is actively working towards compliance with that directive.
Highjam shall, so far as is reasonably practicable, comply with the Data Protection Principles (the Principles) contained in the Data Protection Act to ensure all data is:
1. Fairly and lawfully processed
2. Processed for a lawful purpose
3. Adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Accurate and up to date
5. Not kept for longer than necessary
6. Processed in accordance with the data subject’s rights
8. Not transferred to other countries without adequate protection
Personal data covers both facts and opinions about an individual where that data identifies an individual. For example, it includes information necessary for employment such as the member of staff’s name and address and details for payment of salary. Personal data may also include sensitive personal data as defined in the Act.
Processing of Personal Data
Consent may be required for the processing of personal data unless processing is necessary for the performance of the contract of employment. Any information which falls under the definition of personal data and is not otherwise exempt, will remain confidential and will only be disclosed to third parties with appropriate consent.
Highjam processes some personal data for direct marketing (for both Highjam and Highjam's clients). Data subjects have the right to request an opt-out from these activities, which must be respected.
Sensitive Personal Data
Highjam may, from time to time, be required to process sensitive personal data. Sensitive personal data includes data relating to medical information, gender, religion, race, sexual orientation, trade union membership and criminal records and proceedings.
Rights of Access to Information
Data subjects have the right of access to information held by Highjam, subject to the provisions of the Data Protection Act 1998 and the Freedom of Information Act 2000. Any data subject wishing to access their personal data should put their request in writing to the DPC. Highjam will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event, within 14 days for access to records and 7 days to provide a reply to an access to information request. The information will be imparted to the data subject as soon as is reasonably possible after it has come to Highjam’s attention and in compliance with the relevant Acts.
Certain data is exempted from the provisions of the Data Protection Act which includes the following:
The above are examples only of some of the exemptions under the Act. Any further information on exemptions should be sought from the DPC.
Highjam will endeavour to ensure that all personal data held in relation to all data subjects is accurate. Data subjects must notify the data processor of any changes to information held about them. Data subjects have the right in some circumstances to request that inaccurate information about them is erased. This does not apply in all cases, for example, where records of mistakes or corrections are kept, or records which must be kept in the interests of all parties to which they apply.
If an individual believes that Highjam has not complied with this Policy or acted otherwise than in accordance with the Data Protection Act, the member of staff should utilise Highjam’s grievance procedure and should also notify the DPC.
Highjam will take appropriate technical and organisational steps to ensure the security of personal data. All staff will be made aware of this policy and their duties under the Act. Highjam and therefore all staff are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to all personal data.
An appropriate level of data security must be deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and be encrypted when transported offsite. Other personal data may be held for marketing purposes and therefore have a lower requirement for data security.
Highjam must ensure that data processed by external processors (for example, service providers, Cloud services including storage, web sites etc.) is compliant with this policy and the relevant legislation.
When data held in accordance with this policy is destroyed, it must be destroyed securely in accordance with best practice at the time of destruction.
Retention of Data
Highjam may retain data for differing periods of time for different purposes as required by statute, clients or best practices; individual departments incorporate these retention times into their processes. Other statutory obligations, legal processes and enquiries may also necessitate the retention of certain data. Highjam may store some data such as passports, photographs, reviews, CVs etc. indefinitely in its archive.
Data Security Breach Reporting
Confirmed or suspected data security breaches should be reported promptly to the Group Operation Director via firstname.lastname@example.org. The report should include full and accurate details of the incident including who is reporting the incident and what classification of data is involved.
Once a data breach has been reported, an initial assessment will be made to establish the severity of the breach and who the lead responsible officer should be to lead the data breach management plan. This plan will involve the following four elements and will be conducted in accordance with the guidelines for Data Security Breaches by the Information Commissioner:
A. Containment and Recovery
B. Assessment of Risks
C. Consideration of Further Notification
D. Evaluation and Response
All reported incidents will need to include the appropriate data classification in order for assessment of risk to be conducted.
1. Public Data: Information intended for public use, or information which can be made public without any negative impact for Highjam.
2. Internal Data: Information regarding the day-to-day business of Highjam and our clients' businesses. Primarily for Highjam staff use, though some information may be useful to third parties who work for Highjam.
3. Confidential Data: Information of a more sensitive nature for the business operations of Highjam and our clients, representing the basic intellectual capital and knowledge. Access should be limited to only those people that need to know as part of their role within Highjam.
4. Highly Confidential Data: Information that, if released, will cause significant damage to Highjam or Highjam's clients' business activities or reputation, or would lead to breach of the Data Protection Act. Access to this information should be highly restricted.
Information Commissioner: https://ico.org.uk/media/1562/guidance_on_data_security_breach_management.pdf