This notice is issued by:
Hallmarq Veterinary Imaging Ltd, Unit 5, Bridge Park, Merrow Lane, Guildford, GU4 7BF, UK
Company Registered in England and Wales, Registration No 4061791
Registered with the Information Commissioners Office (ICO), No Z1691343
and also on behalf of:
Hallmarq Veterinary Imaging Inc, 1275 W. Roosevelt Rd., Suite 116, West Chicago, IL 60185, USA
Data Controller and Data Processor
The General Data Protection Regulation (GDPR) distinguishes between two types of organisation: a Data Controller, and a Data Processor. In most cases Hallmarq is a Data Controller. However, in relation to information on and derived from installed imaging systems the company is a Data Processor.
The GDPR defines responsibilities that Data Controllers and Data Processors must publish and adhere to the management of personal information. Personal information is any information relating to an identified or identifiable individual. Any reference to an identifier such as a name, email address, or IP address, and any factor relating to a natural person such as their physical, physiological, or social identity, is personal information. Purely business data, such as a business name, office address, or generic email address, is not personal information. The GDPR applies whether personal information is stored and processed digitally or manually (eg on paper).
Hallmarq Veterinary Imaging Ltd collects and uses personal data in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force. We will:
- collect your data only for lawful reasons and in ways that have been explained to you
- process it fairly, lawfully, and only where we have a need to do so
- ensure it is correct and up to date
- keep your data for only as long as we need it
- only use it in a way that you would reasonably expect or have consented to (as appropriate).
What information do we collect, how, and why
The information we collect includes:
- Identity data including title, first name and last name. If you participate in Hallmarq events at which photographs are taken, we may have your photograph.
- Professional and business data including your professional qualifications and affiliations, business title and role.
- Contact data including billing address, delivery address, email address and telephone numbers.
- Marketing and communications data including your preferences and consent (if given) to receiving communications from us, and your interest in Hallmarq products and services
- Customer support data including your training status, and information relating to your use of the system and any customer support needed.
- Business correspondence, by post, email or other means, or written notes following a meeting, phone call, digital or other communication.
- Technical data including information about the software, device, and IP address from which you access our website, which links you click and which videos you watch. For registered users we collect your username and a means of checking if your password is valid.
- Personal data may be collected through:
- Direct interaction. We may meet you at an event, you may phone, email, or complete a form on a web site, you may communicate with us by other digital means, or you may correspond with us by post.
- Automated technology. As you interact with our website, we may automatically collect technical data about the type of device used and your browsing actions. We collect this personal data by using cookies, server logs and other similar technologies.
Why do we collect this information:
We collect your information in order to manage your needs and ours in relation to Hallmarq’s products and services, including:
- Selection of an appropriate product and contract
- Training, support and maintenance
- Provision and improvement of our products and services, including anonymisation of information and its subsequent analysis
- Security, enforcement, and legal obligations, to ensure that our products and services, and your use of them, conform to contract terms and conditions, and other legal requirements such as tax and regulations.
On what Lawful Basis do we collect and process your information
Collection and processing of your information will be according to a Lawful Basis:
- Legal obligation. To comply with tax and other regulations, court orders or law enforcement demands.
- Where we have a contract with you and need to process personal data to comply with our obligations under the contract, or where you have asked us to do something (eg provide a quote) and we need to process your personal data to do what you have asked.
- Where you have consented to the use of your personal information. Consent requires a positive opt-in, and will always be for a clearly specified purpose. When you consent, you can change your mind at any time.
- Legitimate interests. We have a legitimate interest in managing our business effectively and providing the products and services our customers expect, which may require the use of personal data. Where the lawful basis for our use of your personal information is legitimate interest, we will only use your data in ways you would reasonably expect and which have a minimal impact on your privacy.
If you are not a current customer then we will only contact you if we have your consent, or if we believe you would reasonably expect us to contact you to ask for such consent (for example if we have spoken to you at a recent event).
We may send you material by post or email relating to Hallmarq’s products and services that we believe may be of interest to you. We will never pass on your details to any other company for their promotion or marketing purposes. You can withdraw your consent to marketing messages at any time.
How long will we keep your data
We will only keep your personal information for as long as necessary to meet the needs for which we collected it.
In determining the appropriate length of time to keep your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We have in place appropriate security measures to prevent your personal data from being accidentally lost, destroyed, or disclosed or used in an unauthorised way.
We limit access to your personal data to those employees who have a business need to know, or to third party Data Processors who have a need to know in order to process your data according to our instructions and to meet our business needs. Any such Data Processors are also required to comply with the GDPR.
All of our critical business data, including personal information, is routinely backed up and archived. Should your information change, that change will not be made to the backup copies but will be incorporated should we need to restore live data from a backup copy.
International transfer of your personal data
Hallmarq is a multi-national organisation, with offices both inside and outside the European Economic Area (EEA). Your personal information may be transferred outside the EEA where required to meet your needs and ours in relation to Hallmarq’s products and services.
Such transfers will only occur in accordance with Article 49 of the GDPR, including where you have given explicit consent, where the transfer is necessary for the conclusion or performance of a contract, where the transfer is required for legal reasons, or where the information is already open to the public.
If your personal information is subject to unauthorised access or other such data breach we will document the breach and assess the likelihood and severity of the resulting risk to your rights and freedoms. If it is likely that there will be a significant risk then we will notify the ICO within 72 hours. If the breach is likely to result in a high risk we will also inform you without undue delay.
The GPDR gives you 8 rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office at https://ico.org.uk/for-organisations/guide-to-the-general-data- protection-regulation-gdpr/individual-rights/