1. Who we are :
1.1 Herts & Essex Site Investigations ("HESI", "we" or "us") is a limited company number 538578889 registered in England & ales which provides independent professional services in the UK;
1.2 We are:-
(a) responsible for the www.hesi.co.uk website ("Website"); and
2. The categories of personal data we collect :-
2.1 We may collect the following categories of personal data about you:
(a) your name and contact information such as your home and/ or business address, email address and telephone number;
(b) identity and biographical information including your nationality, date of birth, tax status, passport / national identity card details and country of domicile, your employment and employment history, job title and role, educational profile, interests and other information relevant to our provision of professional services;
(c) information in relation to your financial situation as well as your bank account details and other information necessary for processing payments and for fraud prevention purposes;
(d) an understanding of your goals and objectives and other information provided to us in connection with our provision of professional services;
(e) information about our meetings with you, in particular at our office; and/ or
(f) limited usage data relating to your viewing and accessing of our email marketing materials, and your marketing preferences (see Section 8 (Our communications, the Website and cookies) below).
3. How that personal data is collected :-
3.1 We may collect your personal data or you may provide it to us through various means including from information:
(a) You provide to us when you meet us;
(b) About you provided to us by your organisation, agents, advisers, intermediaries or custodians of your assets;
(c) Provided to us by our clients;
(d) You communicate to us by telephone, post, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
(e) Collected when you complete (or we complete on your behalf) client engagement formalities or register for an event;
(f) Drawn from publicly available sources or from third parties, for example when we need to conduct background checks about you;
(g) Collected when you view or access our email marketing materials (see section 8 (Our communications, the Website and cookies) below); and / or
(h) Collected otherwise in the normal course of providing professional services.
4. Our basis for processing your personal data and how we use that personal data :-
4.1 How we use your personal data will depend on whether you are a client, a representative of a client, a business contact, someone whose personal data we necessarily process as part of our provision of professional services, or otherwise. We may process your personal data for the following purposes:
(a) Providing a proposal to you or your organisation in relation to the professional services we offer and for client engagement purposes;
(b) Providing professional services to you and/ or our clients (including research and advice, and associated advisory services);
(c) Managing our relationship with you and/ or our clients (including billing and financial management), for record-keeping purposes and more generally for the proper operation of HESI;
(d) Dealing with any complaints or feedback you may have;
(e) Monitoring and improving the performance and effectiveness of our services, including by training our staff;
(f) Any other purpose for which you provide us with your personal data;
(g) The purposes set out in Section 8 (Our communications, the Website and cookies) below;
(h) Seeking advice on our rights and obligations, such as where we require our own legal advice, and to exercise and defend our legal rights;
(i) Compliance with our legal and regulatory obligations, such as anti-money laundering laws (which may include the carrying out of background checks and retention of a record of such checks), data protection laws and tax reporting requirements, and / or to assist with investigations by police and / or other competent authorities (where such investigation complies with relevant law) and to comply with Court orders;
(j) Safeguarding the security of our systems and communications; and / or
(k) For security purposes generally and to ensure the safety of our employees and visitors.
4.2 We may process your personal data for any of the purposes set out above where one (or more) of the following lawful processing grounds applies:
(a) The processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract with you;
(b) The processing is necessary for us to comply with our legal obligations;
(c) The processing is necessary for our legitimate interests (including the operation of HESI, and the provisions of professional services) or those of any client or relevant third party, unless those legitimate interests are overridden by your interests or fundamental rights or freedoms; and/ or
(d) You have consented to the processing in question.
4.3 Where we process sensitive personal data, other lawful processing grounds may apply, such as that the processing is necessary for the establishment, exercise or defence of legal claims (for example to protect and / or defend our property or rights, or those of our clients) or for reasons of substantial public interest; or where you have given us your explicit consent.
5. Who we may share your data with :-
5.1 We may share your personal data with:
(b) With our client in the particular matter;
(c) Third parties we engage to assist in providing our professional services, such as other professional services firms, IT and other consultants, public relations advisers, translators and/ or couriers;
(d) Intermediaries to whom we introduce you;
(e) Third party service providers who provide business services to us, such as shared service centres, and with providers of anti-money laundering services and background checks, for processing in accordance with our instructions;
(f) Our own professional services providers and insurers, where appropriate;
(g) Third parties and their advisers in the event of the potential or actual sale or purchase of all or part of our business or assets (or any other business or assets), subject to appropriate obligations of confidentiality; and / or
(h) Courts and other authorities in connection with the enforcement or defence of legal rights and provision of our professional services.
6. How long we will hold your personal data for :-
6.2 In many cases this will mean that we shall retain your personal data for the same period as we retain your files or a copy of your files. Usually this will not be less than 16 years from the date that the relevant matter came to an end. In addition, we shall retain information obtained to meet our obligations under the anti-money laundering regulations for at least 5 years following the end of our business relationship with you.
6.3 Longer retention periods may be appropriate where, for example, specific legal or public interest archival reasons apply.
7. Your rights :-
7.1 Under GDPR you have the right to:
(a) Obtain access to, and copies of, the personal data we hold about you and information about how we process it;
(b) Require us to correct any inaccuracies in the personal data we hold about you;
(c) Require, in certain circumstances, erasure of your personal data;
(d) Require us, in certain circumstances, to restrict our data processing activities;
(e) Obtain from us the personal data you have provided to us in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
(f) Object to our use of your personal data based on our legitimate interests, on grounds relating to your specific situation;
(g) Withdraw your consent, where our use of your personal data is based on that consent; and
(h) Complain to the Information Commissioner's Office, which can investigate compliance with data protection law and has enforcement powers, if you are not satisfied with how we are processing your personal data.
7.2 Please contact us in writing using the contact details below if you would like to action any of your rights above. You should note that these rights are not absolute, and we may be entitled (or required) to refuse requests where exceptions apply.
8. Our communications, the Website and cookies :-
8.1 We may use your contact details to send you (by post or electronically) briefings, newsletters, event invitations and other mailings promoting our services. We do so on the basis of our legitimate interests or your consent (as appropriate to the communication in question). You can always unsubscribe from these mailings, by clicking on the link in the relevant email; or by contacting us at firstname.lastname@example.org. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
8.2 We use mailing list management / marketing software to manage how we contact you as set out above. This enables us to record and manage how we contact you, and to manage your preferences and bookings for our events. It also enables us (as set out in any such email) to review whether emails are opened or forwarded, and whether briefing links are clicked. This data helps us to ensure our mailing list remains up to date; it also provides us with some basic information about your interests and to personalise our communications with you.
10. How to contact us :-