We take the protection of your personal data seriously and recognise that it is important for you to understand how we use your personal data.
We will only use personal data in ways that are described in this policy and only in ways that are consistent with our obligations under applicable data protection laws.
2. Details of Hallmarq Entities
(i) Hallmarq Veterinary Imaging Ltd, Unit 5, Bridge Park, Merrow Lane, Guildford, GU4 7BF, UK a company registered in England and Wales with registration no 4061791 (“Hallmarq UK“). Hallmarq UK is registered with the Information Commissioners Office (“ICO“), No Z1691343; and
(ii) Hallmarq Veterinary Imaging Inc, 1275 W. Roosevelt Rd., Suite 116, West Chicago, IL 60185, USA (“Hallmarq US“) .
(together “Hallmarq”, “we”, “us“).
3. Data Controller and Data Processor
The UK General Data Protection Regulation (“UK GDPR“) distinguishes between two types of organisation: a Data Controller, and a Data Processor. In most cases Hallmarq is a Data Controller. However, in relation to information on and derived from installed imaging systems Hallmarq is a Data Processor. On occasion, Hallmarq US also acts as a Data Processor on behalf of Hallmarq UK.
The UK GDPR defines responsibilities that Data Controllers and Data Processors must publish and adhere to when processing personal data about an individual. Personal data is any information relating to an identified or identifiable individual. Any reference to an identifier such as a name, email address, or IP address, and any factor relating to a natural person such as their physical, physiological, or social identity, is personal information. Purely business data, such as a business name, office address, or generic email address, is not personal information.
Hallmarq collects and uses personal data in accordance with the UK GDPR and all other applicable data protection legislation currently in force.
- collect your data only for lawful reasons and in ways that have been explained to you;
- process it fairly, lawfully, and only where we have a need to do so;
- ensure it is correct and up to date;
- keep your data for only as long as we need it; and
- only use it in a way that you would reasonably expect or have consented to (as appropriate).
4. What personal information do we collect, how, and why
The personal information we collect includes:
- Identity data including title, first name and last name. If you participate in Hallmarq events at which photographs are taken, we may have your photograph.
- Professional and business data including your professional qualifications and affiliations, business title and role.
- Data contained in your CV or in references provided by third parties when you apply for a role with us.
- Contact data including billing address, delivery address, email address and telephone numbers.
- Marketing and communications data including your preferences and consent (if given) to receiving communications from us, and your interest in Hallmarq products and
- Customer support data including your training status, and information relating to your use of the system and any customer support needed.
- Business correspondence you have sent by post, email or other means, or written notes relating to you following a meeting, phone call, digital or other communication.
- Technical data including information about the software, device, and IP address from which you access our Site, which links you click and which videos you watch. For registered users we collect your username and a means of checking if your password is valid.
Personal data may be collected through:
- Direct interaction. We may meet you at an event, you may phone, email, or complete a form on a web site, you may communicate with us by other digital means, or you may correspond with us by post.
- Automated technology. As you interact with our Site, we may automatically collect technical data about the type of device used and your browsing actions. We collect this personal data by using cookies, server logs and other similar technologies.
5. Why do we collect this information and what is our “lawful basis” for doing so?
We will only use your personal information when the law allows us to. Whenever we process your personal data, we are required to identify and maintain a valid “lawful basis” (i.e. a legally compliant justification) for the processing. To help you to understand what we do with data and why, we have described the various relevant lawful bases that we rely on in the table below. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.
|How and why we use your personal data|| |
What is our legal justification for processing your personal data
We collect your information in order to manage your needs and ours in relation to Hallmarq’s products and services, including:
• Selection of an appropriate product and contract.
• Training, support and maintenance.
• Provision and improvement of our products and services, including anonymisation of information and its subsequent analysis.
• Security, enforcement, and legal obligations, to ensure that our products and services, and your use of them, conform to contract terms and conditions, and other legal requirements such as tax and regulations.
To measure how satisfied our Site visitors and our customers are and provide customer service (including troubleshooting in connection with your requests for services or when you ask us questions by email, on the phone or on social media).
We rely on our contractual arrangements with you as the lawful basis on which we collect and process your personal data in relation to an order for products and services.
Alternatively, in some scenarios, we rely on our legitimate interests as a business (our legitimate interest in managing our business effectively and providing the products and services our customers expect). We may also use your personal data because it’s necessary for us to comply with a legal obligation.
To prevent or detect crime, fraud or abuses of our products and services or our Site and to enable third parties to carry out related technical, logistical, research or other functions on our behalf related to these purposes.
In some circumstances we will use your personal data because it’s necessary for us to comply with a legal obligation (for example, if we receive a legitimate request from a law enforcement agency).
In other cases (such as the detection of theft, fraud or ensuring security of our Site) we will rely on our legitimate interests in keeping our employees and our Site secure and to prevent theft and fraud.
To send you newsletters, updates, information about new products or services that we think might interest you.
To measure or understand the effectiveness of advertising we serve to you.
To carry out market research or similar surveys.
Unless we are contacting you in a business to business capacity, we will only use your personal data to send you electronic marketing messages if we have consent from you to do so (or if you are an existing customer and have not opted out of receiving marketing materials).
In some cases, we will rely on our legitimate interests to send these types of communication (our legitimate interest in marketing and advertising our products).
To find out more about the visitors to our Site and our customer base as a whole (and not to find out more about you as an individual) to ensure that the products and services that we offer are most likely to interest our Site visitors and customers.
We have a legitimate interest to make sure that we are providing you with the information that we think is most relevant to you.
We will not place cookies other than “strictly necessary” cookies on your device unless you have told us that you are happy for us to do so.
To notify you about changes to our services and terms and conditions.
We rely on our contractual arrangements with you as the lawful basis for this processing. In some cases, we rely on our legitimate interests as a business to send you these updates.
For administrative or business purposes, where you contact us for a particular reason other than those set out above, such as to report problems with our Site.
We have a legitimate interest to respond to your contact for the purposes of administering our business.
If you are a job applicant, we will use your personal data to assess your suitability for the role and to make recruitment decisions. Unless you ask us not to, we will continue to process the application data (including CVs and any interview notes) of unsuccessful applicants for a period of 12 months.
We have a legitimate interest in recruiting talent into our business and assessing candidates to ensure that we are making fair and appropriate recruitment decisions.
We may process some of your data on the basis of a legal obligation that applies to us as an employer (e.g. in some territories, this may require us to process data relating to race, religion, gender or disability/health).
If you participate in Hallmarq events at which photographs are taken, we may have your photograph.
We have a legitimate interest for marketing and business development purposes.
6. What if you fail to provide personal information?
Please make sure you provide us with information when requested as if you don’t we may not be able to perform the contract we have entered into with you (such as, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
7. Change of purpose
We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain our legal justification for doing so and we will provide you with any relevant further information. We may also issue a new privacy notice to you.
8. How we share your personal information and where it may be processed
- Third party suppliers and service providers which process your personal information
Like most businesses, we may provide your personal information to third parties for processing as part of the services that those third parties carry out on our behalf as part of the day to day operations of our business. These trusted suppliers will process your personal information on our behalf and provide us with services such as the provision of IT services, third party software providers, the hosting of your personal information and those services provided by our accountants and professional advisers.
We will always make sure that these trusted suppliers meet agreed standards for the protection of your personal information and that they will only ever be allowed to use your personal information in order to provide us with services (and not for their own purposes). We require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with applicable data protection law.
- Sharing your personal information with other entities in our group and our investors
We will share your personal information with other entities in our group and our investors as part of the administration of our business. For example, we may share personal information as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.
- Other scenarios in which we might share your personal information
We may also share your personal information:
- with government authorities or professional bodies, such as HM Revenue & Customs in the United Kingdom (for tax purposes);
- with our professional advisors including tax, legal or other corporate advisors who provide professional services to us;
- with regulators, law enforcement or fraud prevention agencies, as well as our legal advisers, courts, the police and any other authorised law enforcement bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters etc.;
- in the event that we consider selling or buying any business or assets we will disclose your personal information to any prospective sellers or buyers of such business or assets;
- in the event of any insolvency situation (e.g. administration or liquidation);
- if we, or substantially all of our assets, are acquired by a third party, in which case your personal information will be one of the transferred assets;
- to protect the rights, property or safety of our employees, workers, contractors, clients, or others. This includes exchanging your personal information with other companies and organisations (including without limitation the local police or other local law enforcement agencies) for the purposes of our employee, worker, contractor and client safety, crime prevention, fraud protection and credit risk reduction; or
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
If you are not a current customer then we will only contact you for marketing purposes if we have your consent. We may also contact you if we believe you would reasonably expect us to contact you to ask for such consent (for example if we have spoken to you at a recent event).
Where you have consented, we may send you material relating to Hallmarq’s products and services that we believe may be of interest to you by post or email. We will never pass on your details to any other company for their promotion or marketing purposes. You can withdraw your consent to marketing messages at any time.
10. How long will we keep your data
We will only keep your personal information for as long as necessary to meet the needs for which we collected it.
In determining the appropriate length of time to keep your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We have in place appropriate security measures to prevent your personal data from being accidentally lost, destroyed, or disclosed or used in an unauthorised way.
We limit access to your personal data to those employees who have a business need to know, or to third party Data Processors who have a need to know such personal data (and with whom we have a written contract in place). In each case, we will ensure that any third party Data Processors process your data according to our instructions and to only to the extent necessary to meet our business needs. Any such Data Processors are required to comply with the UK GDPR and the terms of the contract we have in place with them.
All of our critical business data, including personal information, is routinely backed up and archived.
12. International transfer of your personal data
Hallmarq is a multi-national organisation, with offices both inside and outside the UK and European Economic Area (“EEA“). Your personal information may be transferred outside the UK and EEA where required to meet your needs and/or ours in relation to Hallmarq’s products and services.
Where your personal information is processed outside of the UK and EEA, we will ensure that we take the necessary steps to protect your personal information as required by data protection laws.
In respect of international transfers from Hallmarq UK to Hallmarq US, we have entered into an International Data Transfer Agreement in the form approved by the UK ICO. For the purposes of the IDTA, Mick Crosthwaite .is Hallmarq US’s “Importer Data Subject Contact”.
13. Data breach
If your personal information is subject to unauthorised access or other such data breach we will document the breach and assess the likelihood and severity of the resulting risk to your rights and freedoms. If it is likely that there will be a significant risk then we will notify the ICO within 72 hours. If the breach is likely to result in a high risk we will also inform you without undue delay.
14. Your rights
It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes so that our records can be updated. We cannot be held responsible for any errors in your personal information in this regard unless you have notified us of the relevant change.
Data protection law grants you a number of specific rights in respect of your data in addition to the broad and general right to have your data protected. We have set out some information in respect of each of those specific rights, below:
- Right to be informed about how your personal information will be processed. This enables you to receive information about how we use your personal information. We have set this information out in this notice.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information (commonly known as the “right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- Not to be subject to a decision solely based on automated processing. We do not anticipate making decisions about you based solely on automated decision making where that decision would have a significant impact on you. If we ever make a decision about you automatically by a computer or an algorithm without human intervention you can ask us to have that decision reviewed by a human.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK ICO at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
16. Third-party websites
Our Site may, from time to time, contain links to third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We encourage you to contact us first if you have any queries, comments or concerns about the way we handle your data (our details are in the section immediately below). We will try to put things right.
However, if you are not satisfied with our handling of any request by you in relation to your rights or concerns, you also have the right to make a complaint to the UK’s ICO. You can contact the ICO at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF; 0303 123 1113; or https://ico.org.uk/.