This policy describes the information that we process to support the storage and delivery of documents within the Aurora Archive and Retrieval system, the Data Workflow Manager System and other products or services provided by Haigh Consultancy Services Ltd. (HCS).
Privacy, Cookie Law and Security
For the purposes of the General Data Protection Regulation (the “Act”), both the data controller and the data processor are Haigh Consultancy Services Ltd, West Walk Building, 110 Regent Road, Leicester, LE1 7LT.
A “Controller” determines the purposes and means of processing personal data.
A “Processor” is responsible for processing personal data on behalf of a controller.
We may monitor visitors on our websites and mobile apps and may use this data to improve our website performance and your experience with personalised content, promotions and campaigns, both on the website and through triggered email, SMS and direct mail (but only where you have agreed to these channels).
We may collect information about your IP address which may be used to detect the organisation or ISP connecting to the site and an approximate geographic location. This is done to help us identify unauthorised attempts at accessing the system.
If you are a customer or known contact you may be identified as having visited the site by virtue of either clicking through on emails, logging in or registering to use the website.
What Information do we collect?
We collect directly:
- Your company, name, address, telephone and email details
- Any other information relevant to access to our systems including cookie data
Indirectly we may record:
- Which pages on the site you visit
- Which emails you respond to
- Data supplied to us by our clients for the purpose of data processing and/or archive and retrieval
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
The list below explains the cookies we use and why.
COOKIE 1: Has_js
COOKIE 2: HCS_COOKIE_POLICY
COOKIE 3: Drupal.toolbar.collapsed
DESCRIPTION: This cookie configures whether the toolbar is visible or not when using the administrative site.
COOKIE 4: Sess*
DESCRIPTION: This is a session cookie which is used to maintain the user session while logged into the administrative site.
How we collect information
We collect information in two ways.
Directly from you:
- When you fill in or update details with the ‘Profile’ section of the Aurora application
- When you email, call or write to us for further information
Indirectly from you:
- When you visit a web facing interface for one of our applications, e.g. Aurora.
- From data supplied by our clients for the purposes of data processing and/or archive and retrieval
- When you respond to one of our emails, mailings or other promotions
What is our legal basis for processing data?
To allow you to access our systems and enjoy a personalised experience when using them.
To provide you with data found in archived documents within the system. The data controller has agreed that one or more of the following statements applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- processing is necessary for compliance with a legal obligation to which the controller is subject
- processing is necessary in order to protect the vital interests of the data subject or of another natural person
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
- To improve this site by determining how it is being used, and which areas are relevant or not.
How do we use this information?
We use this information to allow us to carry out tasks as defined, and on behalf of our clients. These include, but are not limited to, the creation of invoices, statements, insurance documentation, agreements and general letters.
We also use this information to allow us to correctly identify you when accessing our system to ensure a secure, personalised visit that allows access to information that you are authorised to view.
How do we share information?
We will not share your personal details such as name, address, email, telephone etc, or information about your business, with any organisation other than our own, the Data Controller or parties authorised by the Data Controller, except where ordered to do so by a recognised legal authority.
- to the extent that we are required to do so by law
- in connection with any legal proceedings or prospective legal proceedings
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
- to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling and
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information
Do you transfer data outside of the EEU?
HCS may transfer data to its sister company, UkrData, located in Ukraine. There are strict rules governing the processing of data, which are detailed in a Data Protection Policy specifically written to cover the relationship.
Data will only be transferred where there is a clear need to do so and in accordance with Clause 1 (specifically points a, b & c) of Article 49 of GDPR 2016, which states:
a. the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;
b. the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request;
c. the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person;
We will take every precaution to protect your personal information.
You must not share your password for any services or portal access. Your passwords and the answers to any secret questions are your responsibility and must not be disclosed to any third party. This is also important for your own protection. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
Our website may contain links to other websites. You should be aware that we are not responsible for the privacy practices on other sites.
HCS use tools to monitor website performance.
We may also collect information about your IP address which may be used to detect the organisation or ISP connecting to the site.
If you are a known contact or customer of HCS you may be identified as having visited the site by virtue of logging in or registering to use the service.
How will we notify you of changes to this policy?
We will notify you before any changes to this policy come into effect. If you are a registered user of one of the HCS systems, this will be via email to the registered email within the system.
Data retention, account deactivation and deletion
We store data until it is no longer required to provide services to the Data Controller. This is determined on a client-by-client basis and will fall in line with their agreed retention period. For example, the Data Controller may have a legal requirement for us to store documents for 10 years and for them to be available for you to view for the entirety of that period. Other Data Controllers may only require us to store the data for a number of months before deleting it.
Whilst we will always undertake our obligations to delete accounts, if asked to do so, it is our recommendation that you discuss this with the Data Controller before a formal request is made. You are under no obligation to do so; however, there may be consequences that HCS are unaware of and cannot therefore advise you of.
Data supplied to us via our web forms (on our website) will be stored for 2 years. You have the right to have this data deleted.
Access data stored in system logs, such as IP addresses, will be stored for 180 days for security purposes.
How can you exercise your rights under GDPR?
You have the right to see what personal data we hold about you. To obtain a copy of the personal information we hold about you, please write to us at Data Protection Office, Haigh Consultancy Services Ltd, 199 Minsthorpe Lane, South Elmsall, Pontefract, WF9 2DX or firstname.lastname@example.org
You also have the right to inform us if any of it is inaccurate so that we can correct it, or to delete your data.
We will inform you if, by deleting your data, services that we provide to you or to the Data Controller can no longer be performed.