As a member of the HR Inner Circle, we will process and store personal data which identifies you. This includes your name, address, telephone number, details of your subscription and your credit card details (although we never store your credit card details; they are held by Stripe - the global leading payment processor).
Who is the Data Controller?
The data controller is HR Inner Circle Limited (company 7714689), whose registered office is Unit 3, Chequers Farm, Chequers Lane, Watford WD25 0LG.
What will we do with your data?
We will store your data, and use it for the purpose of sending you information as part of your membership, collecting payment from you, and also for sending you information about HR or employment related products which we think might be useful. We will also store your IP address.
We will communicate with you by email and post, unless you ask us to telephone you or we need to call you to deal with something, such as a payment enquiry. We will never use your telephone number for marketing purposes.
What are our Grounds for processing your Data?
Our principal ground is that the processing is necessary to fulfil the terms of our contractual agreement with you.
If we are sending you information about products we think might interest you, then we rely on legitimate interest as our ground for processing. These products might include (subject to you opting out of any individual campaign) direct marketing emails on employment law information products (mainly seminars, CDs, books and online webinars) which we think are of interest to subscribers to Daniel Barnett’s employment law updates. During a sales campaign, of which there will typically be four a year, we will send you an average of one email a day for the duration of the campaign (typically between 2 and 6 weeks). Every email will contain one, and usually two, prominent links to opt out of that advertising campaign. By including very prominent opt-out links, we think that strikes a fair balance between our legitimate interest in marketing to you, and your interests in not receiving unwanted direct marketing.
Do we use tracking or automatic processing?
In our emails, we can track whether you have opened the email or clicked on any link within it. We use this information solely to understand the performance of our mailshots, to draw out general trends, and to monitor the size of our active readership.
We do not use any information at a personal level, except that if you have told us your occupation and/or your closest city, we may use that information to automatically filter you out from receiving irrelevant direct marketing where we do not think we have sufficient legitimate interest in sending it to you. For example, if we are sending direct marketing emails about an employment law seminar in Manchester, and you have told us you live in London, we are likely to exclude you from that direct marketing campaign.
From time to time we might email you and ask you to provide a bit more information about yourself – for example, your occupation, or your closest city. You do not have to reply to those emails and are free to ignore them. The only thing we do with the information you give us is use it for the automatic processing described above, to reduce the amount of any direct marketing we send you if we think you won’t be interested.
Who do we share your data with?
Your data will be kept secure and never shared with any third parties (including our advertisers), except for the following organisations (and any similar organisations we may subcontract services to in the future, at which point we will update this policy):-
- Rocket Science Group LLP (more commonly known as ‘MailChimp’), which is the US-based company we use to send emails. We have entered into an agreement with them whereby they agree to store and process your data in accordance with the EU Privacy Shield.
- Dropbox, Inc., which is the US-based company we use to store all our documents. These documents include backups of our subscriber list. Dropbox has ISO 27018 (the internationally recognised standard for leading practices in cloud privacy and data protection), is certified for compliance with the EU Privacy Shield and has undertaken it will comply with the provisions of the GDPR.
- Stripe, which is a leading global payment processory, whom we use to collect your subscriptions.
- Wix, which is our hosting provider and which provides our website hosting. Your data is stored on their servers.
- subcontractors to whom we delegate website or database programming and maintenance, or necessary administrative functions.
If we sell our business, or merge with another organisation, then we will probably share your data with them as part of the sale/merger.
Like all organisations, we comply with requests for the disclosure of personal information where this is required or permitted by law. This could include requests from law enforcement or tax agencies, or as part of a disclosure exercise in litigation.
How long will we keep your data for?
We will keep your information until you object to us doing so, or until seven years have elapsed since your membership ended. As set out above, you can also opt out from any advertisement campaigns at any time.
What about your right to make changes, or be deleted?
You can request changes to, or ask to remove, the data we hold about you, and how we use it. Should you wish to do so, or to remove yourself from our records, you can do this at any time by clicking the ‘update profile’ or ‘unsubscribe’ link at the bottom of a newsletter, or by emailing us at email@example.com. You can ask to see your personal data. We will always comply wherever we can, where the request is proportionate, realistic, and reasonable. We can refuse to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. You can also request erasure from our records.
What if you have a Complaint?
If you believe your privacy rights have been violated, you may file a complaint with us at firstname.lastname@example.org, or with the Information Commissioner’s office at https://ico.org.uk/. We would prefer you contacted us in the first instance, however, as we take your privacy seriously and can most likely remedy any errors or problems quickly and easily.
Is this policy cast in stone?
No – we will look at the policy from to time and may make changes. Any changes which do not substantially change the existing policy or significantly affect your privacy will not be directly notified to you, but will be updated on our website. Any substantial changes or any changes which significantly affect your privacy will be sent to you by email.